Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44491 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation.
CVE-2021-44490 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.
CVE-2021-44489 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.
CVE-2021-44488 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 9.1 Critical
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.
CVE-2021-44487 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.
CVE-2021-44486 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 9.8 Critical
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution.
CVE-2021-44485 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer.
CVE-2021-44484 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer.
CVE-2021-44483 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.
CVE-2021-44482 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.
CVE-2021-44481 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-11-21 7.5 High
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.
CVE-2021-44480 1 Wokkalokka 2 Wokka Watch Q50, Wokka Watch Q50 Firmware 2024-11-21 8.1 High
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.
CVE-2021-44479 1 Nxp 2 Kinetis K82, Kinetis K82 Firmware 2024-11-21 6.1 Medium
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
CVE-2021-44478 1 Siemens 2 Polarion Alm, Polarion Subversion Webclient 2024-11-21 6.1 Medium
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
CVE-2021-44471 1 Deltaww 1 Diaenergie 2024-11-21 7.5 High
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
CVE-2021-44466 2 Leap, Microsoft 2 Bitmask Riseup Vpn, Windows 2024-11-21 7.3 High
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges.
CVE-2021-44461 1 Odoo 1 Odoo 2024-11-21 6.1 Medium
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.
CVE-2021-44460 1 Odoo 1 Odoo 2024-11-21 6.5 Medium
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.
CVE-2021-44458 2 Linux, Mirantis 2 Linux Kernel, Lens 2024-11-21 8.3 High
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
CVE-2021-44453 1 Myscada 1 Mypro 2024-11-21 10 Critical
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.