Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29418 | 1 Netmask Project | 1 Netmask | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
|
|||||
| CVE-2021-29298 | 1 Emerson | 1 Proficy Machine Edition | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
|
|||||
| CVE-2021-29242 | 1 Codesys | 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
|
|||||
| CVE-2021-29136 | 2 Linuxfoundation, Sylabs | 2 Umoci, Singularity | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
|
|||||
| CVE-2021-28585 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails.
|
|||||
| CVE-2021-28547 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.
|
|||||
| CVE-2021-28170 | 3 Eclipse, Oracle, Quarkus | 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
|
|||||
| CVE-2021-27774 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | N/A | 3.1 LOW |
|
User input included in error response, which could be used in a phishing attack.
|
|||||
| CVE-2021-27760 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 6.0 MEDIUM | 4.6 MEDIUM |
|
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
|
|||||
| CVE-2021-27660 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
|
|||||
| CVE-2021-27643 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27642 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27641 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27640 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27639 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27638 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-27617 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.
|
|||||
| CVE-2021-27420 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
|
|||||
| CVE-2021-27418 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
|
|||||
| CVE-2021-27388 | 1 Siemens | 6 Sinamics Sl150, Sinamics Sl150 Firmware, Sinamics Sm150 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
|
|||||
| CVE-2021-27196 | 1 Hitachienergy | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This ...
Show More |
|||||
| CVE-2021-27179 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.
|
|||||
| CVE-2021-26788 | 1 Oryx-embedded | 1 Cyclonetcp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug.
|
|||||
| CVE-2021-26736 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
|
|||||
| CVE-2021-26639 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2024-11-21 | N/A | 8.1 HIGH |
|
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.
|
|||||
| CVE-2021-26631 | 1 Mangboard | 1 Commerce | 2024-11-21 | 5.0 MEDIUM | 8.0 HIGH |
|
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.
|
|||||
| CVE-2021-26630 | 2 Handysoft, Microsoft | 2 Groupware, Windows | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
|
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
|
|||||
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
|
Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.
|
|||||
| CVE-2021-26624 | 1 Escanav | 1 Escan Anti-virus | 2024-11-21 | 10.0 HIGH | 7.8 HIGH |
|
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.
|
|||||
| CVE-2021-26622 | 2 Genians, Microsoft | 2 Genian Nac, Windows | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
|
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
|
|||||
| CVE-2021-26618 | 2 Microsoft, Tmax | 2 Windows, Tooffice | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
|
An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.
|
|||||
| CVE-2021-26617 | 2 Firstmall, Microsoft | 2 Firstmall, Windows | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.
|
|||||
| CVE-2021-26613 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 5.0 MEDIUM | 8.1 HIGH |
|
improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.
|
|||||
| CVE-2021-26612 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
|
|||||
| CVE-2021-26607 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
|
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.
|
|||||
| CVE-2021-26606 | 2 Dreamsecurity, Microsoft | 2 Magicline4nx.exe, Windows | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
|
|||||
| CVE-2021-26605 | 2 Microsoft, Unidocs | 2 Windows, Ezpdfreader | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
|
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
|
|||||
| CVE-2021-26415 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
|
|||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
|
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
|
|||||