Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33604 1 Vaadin 2 Flow-server, Vaadin 2024-11-21 2.5 Low
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
CVE-2021-33603 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2024-11-21 5.5 Medium
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33602 1 F-secure 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more 2024-11-21 5.5 Medium
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-33601 1 F-secure 1 Internet Gatekeeper 2024-11-21 7.6 High
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVE-2021-33600 1 F-secure 1 Internet Gatekeeper 2024-11-21 5.4 Medium
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
CVE-2021-33599 3 Apple, F-secure, Microsoft 6 Macos, Atlant, Cloud Protection For Salesforce and 3 more 2024-11-21 4.6 Medium
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-33598 3 Apple, F-secure, Microsoft 5 Macos, Atlant, Elements Endpoint Protection and 2 more 2024-11-21 4.6 Medium
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33597 3 Apple, F-secure, Microsoft 6 Macos, Business Suite, Client Security and 3 more 2024-11-21 3.5 Low
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33596 1 F-secure 1 Safe 2024-11-21 3.5 Low
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
CVE-2021-33595 1 F-secure 1 Safe 2024-11-21 3.5 Low
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2021-33594 1 F-secure 1 Safe 2024-11-21 3.5 Low
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2021-33593 1 Navercorp 1 Whale 2024-11-21 5.3 Medium
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
CVE-2021-33592 1 Naver 1 Toolbar 2024-11-21 9.8 Critical
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2021-33591 1 Naver 1 Comic Viewer 2024-11-21 8.8 High
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2021-33590 1 Labapart 1 Gattlib 2024-11-21 9.8 Critical
GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.
CVE-2021-33587 2 Css-what Project, Netapp 2 Css-what, E-series Performance Analyzer 2024-11-21 7.5 High
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
CVE-2021-33586 1 Inspircd 1 Inspircd 2024-11-21 4.3 Medium
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
CVE-2021-33583 1 Reiner-sct 1 Timecard 2024-11-21 9.8 Critical
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
CVE-2021-33582 4 Cyrus, Debian, Fedoraproject and 1 more 5 Imap, Debian Linux, Fedora and 2 more 2024-11-21 7.5 High
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2021-33581 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.