Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36376 2 Delta Project, Microsoft 2 Delta, Windows 2024-11-21 7.8 High
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.
CVE-2021-36374 2 Apache, Oracle 36 Ant, Agile Engineering Data Management, Agile Plm and 33 more 2024-11-21 5.5 Medium
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVE-2021-36373 3 Apache, Oracle, Redhat 33 Ant, Agile Plm, Banking Trade Finance and 30 more 2024-11-21 5.5 Medium
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVE-2021-36372 1 Apache 1 Ozone 2024-11-21 9.8 Critical
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
CVE-2021-36371 1 Getambassador 1 Emissary-ingress 2024-11-21 3.7 Low
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.)
CVE-2021-36370 1 Midnight-commander 1 Midnight Commander 2024-11-21 7.5 High
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
CVE-2021-36367 1 Putty 1 Putty 2024-11-21 8.1 High
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
CVE-2021-36366 1 Nagios 1 Nagios Xi 2024-11-21 9.8 Critical
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
CVE-2021-36365 1 Nagios 1 Nagios Xi 2024-11-21 9.8 Critical
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
CVE-2021-36364 1 Nagios 1 Nagios Xi 2024-11-21 9.8 Critical
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
CVE-2021-36363 1 Nagios 1 Nagios Xi 2024-11-21 9.8 Critical
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
CVE-2021-36359 1 Bscw 1 Bscw Classic 2024-11-21 8.8 High
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
CVE-2021-36357 1 Openpowerfoundation 1 Skiboot 2024-11-21 9.8 Critical
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
CVE-2021-36356 1 Kramerav 1 Viaware 2024-11-21 9.8 Critical
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
CVE-2021-36352 1 Care2x 1 Hospital Information Management 2024-11-21 5.4 Medium
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.
CVE-2021-36351 1 Care2x 1 Hospital Information Management System 2024-11-21 9.8 Critical
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
CVE-2021-36350 1 Dell 1 Powerscale Onefs 2024-11-21 5.9 Medium
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
CVE-2021-36349 1 Dell 1 Emc Data Protection Central 2024-11-21 4.3 Medium
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.
CVE-2021-36348 1 Dell 2 Integrated Dell Remote Access Controller 9, Integrated Dell Remote Access Controller 9 Firmware 2024-11-21 8.1 High
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.
CVE-2021-36347 1 Dell 4 Integrated Dell Remote Access Controller 8, Integrated Dell Remote Access Controller 8 Firmware, Integrated Dell Remote Access Controller 9 and 1 more 2024-11-21 7.2 High
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.