Search Results (366430 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3848 2 Microsoft, Trendmicro 3 Windows, Apex One, Worry-free Business Security 2024-11-21 5.5 Medium
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-3847 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 7.8 High
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.
CVE-2021-3846 1 Firefly-iii 1 Firefly Iii 2024-11-21 8.8 High
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3845 1 Ws Scrcpy Project 1 Ws Scrcpy 2024-11-21 7.5 High
ws-scrcpy is vulnerable to External Control of File Name or Path
CVE-2021-3843 1 Lenovo 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more 2024-11-21 6.7 Medium
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3842 3 Debian, Fedoraproject, Nltk 3 Debian Linux, Fedora, Nltk 2024-11-21 7.5 High
nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3840 1 Lenovo 1 Antilles 2024-11-21 8.8 High
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.
CVE-2021-3839 3 Dpdk, Fedoraproject, Redhat 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more 2024-11-21 7.5 High
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
CVE-2021-3837 1 Openwhyd 1 Openwhyd 2024-11-21 6.1 Medium
openwhyd is vulnerable to Improper Authorization
CVE-2021-3836 1 Dbeaver 1 Dbeaver 2024-11-21 5.5 Medium
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-3835 1 Zephyrproject 1 Zephyr 2024-11-21 8.2 High
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
CVE-2021-3834 1 Artica 1 Integria Ims 2024-11-21 5.4 Medium
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
CVE-2021-3833 1 Artica 1 Integria Ims 2024-11-21 9.8 Critical
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
CVE-2021-3832 1 Artica 1 Integria Ims 2024-11-21 9.8 Critical
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
CVE-2021-3831 1 Gnuboard 1 Gnuboard5 2024-11-21 6.1 Medium
gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3830 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.4 Medium
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3829 1 Openwhyd 1 Openwhyd 2024-11-21 6.1 Medium
openwhyd is vulnerable to URL Redirection to Untrusted Site
CVE-2021-3828 1 Nltk 1 Nltk 2024-11-21 7.5 High
nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3827 1 Redhat 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more 2024-11-21 6.8 Medium
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-3826 3 Fedoraproject, Gnu, Redhat 4 Fedora, Gcc, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.