Search Results (365168 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41537 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).
CVE-2021-41536 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).
CVE-2021-41535 1 Siemens 13 Nx 1957, Nx 1957 Firmware, Nx 1961 and 10 more 2024-11-21 7.8 High
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).
CVE-2021-41534 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).
CVE-2021-41533 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
CVE-2021-41532 1 Apache 1 Ozone 2024-11-21 5.3 Medium
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
CVE-2021-41531 1 Nlnetlabs 1 Routinator 2024-11-21 7.5 High
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
CVE-2021-41530 1 Forcepoint 1 Next Generation Firewall 2024-11-21 7.5 High
Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured.
CVE-2021-41526 1 Flexera 1 Revenera Installshield 2024-11-21 7.8 High
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
CVE-2021-41525 1 Flexera 1 Flexnet Inventory Agent And Beacon 2024-11-21 5.5 Medium
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.
CVE-2021-41524 5 Apache, Fedoraproject, Netapp and 2 more 5 Http Server, Fedora, Cloud Backup and 2 more 2024-11-21 7.5 High
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
CVE-2021-41511 1 Lodging Reservation Management System Project 1 Lodging Reservation Management System 2024-11-21 9.8 Critical
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
CVE-2021-41506 1 Xiongmaitech 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more 2024-11-21 9.8 Critical
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
CVE-2021-41504 1 Dlink 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more 2024-11-21 8.0 High
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-41503 2 D-link, Dlink 5 Dcs-5000l Firmware, Dcs-932l Firmware, Dcs-5000l and 2 more 2024-11-21 8 High
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-41502 1 Intelliants 1 Subrion Cms 2024-11-21 5.4 Medium
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.
CVE-2021-41500 2 Cvxopt Project, Fedoraproject 2 Cvxopt, Fedora 2024-11-21 7.5 High
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects.
CVE-2021-41499 1 Pyo Project 1 Pyo 2024-11-21 7.5 High
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.
CVE-2021-41498 1 Pyo Project 1 Pyo 2024-11-21 7.5 High
Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.
CVE-2021-41497 1 Rare-technologies 1 Bounter 2024-11-21 7.5 High
Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.