Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-37606 1 Meow Hash Project 1 Meow Hash 2024-11-21 5.3 Medium
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.
CVE-2021-37605 1 Microchip 1 Miwi 2024-11-21 7.5 High
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
CVE-2021-37604 1 Microchip 1 Miwi 2024-11-21 7.5 High
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack.
CVE-2021-37601 1 Prosody 1 Prosody 2024-11-21 7.5 High
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
CVE-2021-37600 2 Kernel, Netapp 2 Util-linux, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
CVE-2021-37599 1 Nuance 1 Winscribe Dictation 2024-11-21 9.8 Critical
The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.
CVE-2021-37598 1 Wpcerber 1 Wp Cerber 2024-11-21 5.3 Medium
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
CVE-2021-37597 1 Wpcerber 1 Wp Cerber 2024-11-21 9.8 Critical
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
CVE-2021-37596 1 Telegram 1 Web K Alpha 2024-11-21 6.1 Medium
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
CVE-2021-37595 2 Freerdp, Microsoft 2 Freerdp, Windows 2024-11-21 9.8 Critical
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
CVE-2021-37594 2 Freerdp, Microsoft 2 Freerdp, Windows 2024-11-21 9.8 Critical
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
CVE-2021-37593 1 Peel 1 Peel Shopping 2024-11-21 9.1 Critical
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
CVE-2021-37592 1 Oisf 1 Suricata 2024-11-21 9.8 Critical
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
CVE-2021-37589 1 Virtuasoftware 1 Cobranca 2024-11-21 7.5 High
Virtua Cobranca before 12R allows SQL Injection on the login page.
CVE-2021-37588 1 Jhu 1 Charm 2024-11-21 5.9 Medium
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
CVE-2021-37587 1 Jhu 1 Charm 2024-11-21 6.5 Medium
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
CVE-2021-37586 1 Mitel 1 Interaction Recording 2024-11-21 4.9 Medium
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.
CVE-2021-37584 1 Mediatek 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more 2024-11-21 8.2 High
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).
CVE-2021-37583 1 Mediatek 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more 2024-11-21 8.2 High
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
CVE-2021-37580 1 Apache 1 Shenyu 2024-11-21 9.8 Critical
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0