Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41550 1 Leostream 1 Connection Broker 2024-11-21 7.2 High
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
CVE-2021-41547 1 Siemens 1 Teamcenter Active Workspace 2024-11-21 7.2 High
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.
CVE-2021-41546 1 Siemens 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more 2024-11-21 7.5 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
CVE-2021-41545 1 Siemens 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more 2024-11-21 7.5 High
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a “out of work” state and could result in the controller going into a “factory reset” state.
CVE-2021-41544 1 Siemens 1 Software Center 2024-11-21 7.8 High
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
CVE-2021-41543 1 Siemens 2 Climatix Pol909, Climatix Pol909 Firmware 2024-11-21 6.5 Medium
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
CVE-2021-41542 1 Siemens 2 Climatix Pol909, Climatix Pol909 Firmware 2024-11-21 6.1 Medium
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
CVE-2021-41541 1 Siemens 2 Climatix Pol909, Climatix Pol909 Firmware 2024-11-21 6.1 Medium
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
CVE-2021-41540 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).
CVE-2021-41539 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773).
CVE-2021-41538 1 Siemens 13 Nx 1957, Nx 1957 Firmware, Nx 1961 and 10 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).
CVE-2021-41537 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).
CVE-2021-41536 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).
CVE-2021-41535 1 Siemens 13 Nx 1957, Nx 1957 Firmware, Nx 1961 and 10 more 2024-11-21 7.8 High
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).
CVE-2021-41534 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).
CVE-2021-41533 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
CVE-2021-41532 1 Apache 1 Ozone 2024-11-21 5.3 Medium
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
CVE-2021-41531 1 Nlnetlabs 1 Routinator 2024-11-21 7.5 High
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
CVE-2021-41530 1 Forcepoint 1 Next Generation Firewall 2024-11-21 7.5 High
Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured.
CVE-2021-41526 1 Flexera 1 Revenera Installshield 2024-11-21 7.8 High
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.