Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42756 1 Fortinet 1 Fortiweb 2024-11-21 9.3 Critical
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
CVE-2021-42755 1 Fortinet 5 Fortios, Fortiproxy, Fortirecorder Firmware and 2 more 2024-11-21 4.3 Medium
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
CVE-2021-42754 1 Fortinet 1 Forticlient 2024-11-21 3.2 Low
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
CVE-2021-42753 1 Fortinet 1 Fortiweb 2024-11-21 8.1 High
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
CVE-2021-42752 1 Fortinet 1 Fortiwlm 2024-11-21 5.4 Medium
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests
CVE-2021-42751 1 Thingsboard 1 Thingsboard 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2021-42750 1 Thingsboard 1 Thingsboard 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42749 1 Fastlinemedia 1 Beaver Themer 2024-11-21 5.3 Medium
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.
CVE-2021-42748 1 Fastlinemedia 1 Beaver Builder 2024-11-21 5.3 Medium
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.
CVE-2021-42743 2 Microsoft, Splunk 2 Windows, Splunk 2024-11-21 8.8 High
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
CVE-2021-42740 1 Shell-quote Project 1 Shell-quote 2024-11-21 9.8 Critical
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.
CVE-2021-42739 6 Debian, Fedoraproject, Linux and 3 more 10 Debian Linux, Fedora, Linux Kernel and 7 more 2024-11-21 6.7 Medium
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2021-42734 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-11-21 5.5 Medium
Adobe Photoshop version 22.5.1  and earlier versions   are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42732 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-11-21 7.8 High
Access of Memory Location After End of Buffer (CWE-788)
CVE-2021-42727 2 Adobe, Microsoft 2 Robohelp Server, Windows 2024-11-21 7.8 High
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.
CVE-2021-42726 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 7.8 High
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-42725 1 Adobe 1 Bridge 2024-11-21 7.8 High
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-42723 2 Adobe, Microsoft 2 Premiere Pro, Windows 2024-11-21 7.8 High
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42721 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 7.8 High
Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42716 2 Fedoraproject, Nothings 2 Fedora, Stb Image.h 2024-11-21 7.1 High
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.