Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27502 1 Ti 14 Cc3200, Cc3220r, Cc3220s and 11 more 2024-11-21 7.4 High
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.
CVE-2021-27499 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 5.9 Medium
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.
CVE-2021-27496 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 7.8 High
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-27495 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 7.1 High
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-27494 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 7.8 High
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files. This could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-27492 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 5.5 Medium
When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.
CVE-2021-27491 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 7.5 High
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27490 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 7.8 High
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
CVE-2021-27489 1 Zoll 1 Defibrillator Dashboard 2024-11-21 8.8 High
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
CVE-2021-27488 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 7.8 High
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-27487 1 Zoll 1 Defibrillator Dashboard 2024-11-21 5.5 Medium
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
CVE-2021-27486 1 Fatek 1 Winproladder 2024-11-21 7.8 High
FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
CVE-2021-27485 1 Zoll 1 Defibrillator Dashboard 2024-11-21 7.5 High
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
CVE-2021-27483 1 Zoll 1 Defibrillator Dashboard 2024-11-21 7.8 High
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
CVE-2021-27481 1 Zoll 1 Defibrillator Dashboard 2024-11-21 5.5 Medium
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
CVE-2021-27480 1 Deltaww 1 Industrial Automation Commgr 2024-11-21 9.8 Critical
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.
CVE-2021-27479 1 Zoll 1 Defibrillator Dashboard 2024-11-21 5.4 Medium
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
CVE-2021-27477 1 Jtekt 44 2port-efr, 2port-efr Firmware, Fl\/et-t-v2h and 41 more 2024-11-21 7.5 High
When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.
CVE-2021-27467 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 6.1 Medium
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
CVE-2021-27465 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 6.1 Medium
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.