Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35526 2 Hitachiabb-powergrids, Hitachienergy 2 Sdm600 Firmware, Sdm600 2024-11-21 6.3 Medium
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).
CVE-2021-35525 1 Postsrsd Project 1 Postsrsd 2024-11-21 5.3 Medium
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
CVE-2021-35523 1 Securepoint 1 Openvpn-client 2024-11-21 7.8 High
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.
CVE-2021-35522 1 Idemia 22 Ma Vp Md, Ma Vp Md Firmware, Morphowave Compact Md and 19 more 2024-11-21 9.8 Critical
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
CVE-2021-35521 1 Idemia 12 Morphowave Compact Md, Morphowave Compact Md Firmware, Morphowave Compact Mdpi and 9 more 2024-11-21 5.9 Medium
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
CVE-2021-35520 1 Idemia 8 Morphowave Compact Mdpi, Morphowave Compact Mdpi-m, Morphowave Compact Mdpi-m Firmware and 5 more 2024-11-21 6.2 Medium
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
CVE-2021-35517 4 Apache, Netapp, Oracle and 1 more 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more 2024-11-21 7.5 High
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVE-2021-35516 4 Apache, Netapp, Oracle and 1 more 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35515 4 Apache, Netapp, Oracle and 1 more 28 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 25 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35514 1 Narou Project 1 Narou 2024-11-21 9.8 Critical
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
CVE-2021-35513 1 Mermaid Project 1 Mermaid 2024-11-21 6.1 Medium
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
CVE-2021-35512 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 Medium
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVE-2021-35508 1 Terarecon 1 Aquariusnet 2024-11-21 8.8 High
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.
CVE-2021-35506 1 Afian 1 Filerun 2024-11-21 6.1 Medium
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
CVE-2021-35505 1 Afian 1 Filerun 2024-11-21 7.2 High
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2021-35504 1 Afian 1 Filerun 2024-11-21 7.2 High
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35503 1 Afian 1 Filerun 2024-11-21 6.1 Medium
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
CVE-2021-35502 1 Misp 1 Misp 2024-11-21 9.8 Critical
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVE-2021-35501 1 Pandorafms 1 Pandora Fms 2024-11-21 5.4 Medium
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
CVE-2021-35500 1 Tibco 2 Data Virtualization, Data Virtualization For Aws Marketplace 2024-11-21 6.3 Medium
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.