Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27223 1 Kaspersky 6 Anti-virus, Endpoint Security, Internet Security and 3 more 2024-11-21 5.5 Medium
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
CVE-2021-27222 1 Obss 1 Time In Status 2024-11-21 5.4 Medium
In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.
CVE-2021-27221 1 Mikrotik 1 Routeros 2024-11-21 8.1 High
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
CVE-2021-27220 1 Paessler 1 Prtg Network Monitor 2024-11-21 5.3 Medium
An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.
CVE-2021-27219 6 Broadcom, Debian, Fedoraproject and 3 more 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more 2024-11-21 7.5 High
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVE-2021-27218 6 Broadcom, Debian, Fedoraproject and 3 more 8 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27217 1 Yubico 1 Yubihsm-shell 2024-11-21 4.4 Medium
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product.
CVE-2021-27216 1 Exim 1 Exim 2024-11-21 6.3 Medium
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVE-2021-27215 1 Genua 1 Genuagate 2024-11-21 9.8 Critical
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
CVE-2021-27214 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 6.1 Medium
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
CVE-2021-27213 1 Pystemon Project 1 Pystemon 2024-11-21 9.8 Critical
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.
CVE-2021-27212 2 Debian, Openldap 2 Debian Linux, Openldap 2024-11-21 7.5 High
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
CVE-2021-27211 1 Steghide Project 1 Steghide 2024-11-21 7.5 High
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
CVE-2021-27210 1 Tp-link 2 Archer C5v, Archer C5v Firmware 2024-11-21 6.5 Medium
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
CVE-2021-27209 1 Tp-link 2 Archer C5v, Archer C5v Firmware 2024-11-21 7.1 High
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
CVE-2021-27208 1 Xilinx 4 Zynq-7000, Zynq-7000 Firmware, Zynq-7000s and 1 more 2024-11-21 6.8 Medium
When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.
CVE-2021-27205 2 Apple, Telegram 2 Macos, Telegram 2024-11-21 5.5 Medium
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
CVE-2021-27204 2 Apple, Telegram 2 Macos, Telegram 2024-11-21 5.5 Medium
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
CVE-2021-27203 1 Dekart 1 Private Disk 2024-11-21 5.5 Medium
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.
CVE-2021-27201 1 Endian 1 Firewall Community 2024-11-21 8.8 High
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.