Search Results (364514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45487 1 Netbsd 1 Netbsd 2024-11-21 7.5 High
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
CVE-2021-45486 3 Linux, Oracle, Redhat 6 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 3 more 2024-11-21 3.5 Low
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-45485 4 Linux, Netapp, Oracle and 1 more 46 Linux Kernel, Aff A400, Aff A400 Firmware and 43 more 2024-11-21 7.5 High
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45484 1 Netbsd 1 Netbsd 2024-11-21 7.5 High
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
CVE-2021-45483 2 Redhat, Webkitgtk 3 Enterprise Linux, Rhel Els, Webkitgtk 2024-11-21 6.5 Medium
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.
CVE-2021-45482 2 Redhat, Webkitgtk 3 Enterprise Linux, Rhel Els, Webkitgtk 2024-11-21 6.5 Medium
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.
CVE-2021-45481 2 Redhat, Webkitgtk 3 Enterprise Linux, Rhel Els, Webkitgtk 2024-11-21 6.5 Medium
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.
CVE-2021-45480 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
CVE-2021-45474 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 6.1 Medium
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
CVE-2021-45473 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 6.1 Medium
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
CVE-2021-45472 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 6.1 Medium
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
CVE-2021-45471 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 5.3 Medium
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
CVE-2021-45470 1 Circl 1 Cve-search 2024-11-21 7.5 High
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts.
CVE-2021-45469 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-11-21 7.8 High
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
CVE-2021-45468 1 Imperva 1 Web Application Firewall 2024-11-21 9.8 Critical
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
CVE-2021-45462 1 Open5gs 1 Open5gs 2024-11-21 7.5 High
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
CVE-2021-45461 1 Sangoma 3 Freepbx, Pbxact, Restapps 2024-11-21 9.8 Critical
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
CVE-2021-45460 1 Siemens 2 Sicam Pq Analyzer, Sicam Pq Analyzer Firmware 2024-11-21 8.1 High
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
CVE-2021-45459 1 Node-windows Project 1 Node-windows 2024-11-21 9.8 Critical
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.
CVE-2021-45458 1 Apache 1 Kylin 2024-11-21 7.5 High
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.