Search Results (363619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33317 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 7.5 High
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
CVE-2021-33316 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33315 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33295 1 Joplin Project 1 Joplin 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
CVE-2021-33294 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
CVE-2021-33293 2 Debian, Libpano13 Project 2 Debian Linux, Libpano13 2024-11-21 9.1 Critical
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.
CVE-2021-33286 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVE-2021-33274 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
CVE-2021-33271 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
CVE-2021-33270 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.
CVE-2021-33269 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.
CVE-2021-33268 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
CVE-2021-33267 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.
CVE-2021-33266 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.
CVE-2021-33265 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
CVE-2021-33259 2 D-link, Dlink 2 Dir-868lw Firmware, Dir-868lw 2024-11-21 5.3 Medium
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
CVE-2021-33256 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 8.8 High
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.
CVE-2021-33254 2 Embedthis, Linux 2 Appweb, Linux Kernel 2024-11-21 7.5 High
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
CVE-2021-33221 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
CVE-2021-33220 1 Commscope 1 Ruckus Iot Controller 2024-11-21 7.8 High
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.