Search Results (85618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-21779 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2024-11-21 8.8 High
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
CVE-2021-21778 1 Mz-automation 1 Lib60870 2024-11-21 7.5 High
A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.
CVE-2021-21776 1 Accusoft 1 Imagegear 2024-11-21 8.8 High
An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-21775 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2024-11-21 8.0 High
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
CVE-2021-21773 1 Accusoft 1 Imagegear 2024-11-21 7.8 High
An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-21772 3 3mf, Debian, Fedoraproject 3 Lib3mf, Debian Linux, Fedora 2024-11-21 8.1 High
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-21751 1 Zte 1 Zxin10 Cms 2024-11-21 8.1 High
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
CVE-2021-21750 1 Zte 1 Zxin10 Cms 2024-11-21 7.8 High
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
CVE-2021-21744 1 Zte 2 Mf971r, Mf971r Firmware 2024-11-21 7.5 High
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.
CVE-2021-21737 1 Zte 2 Zxv10 B860h V5.0, Zxv10 B860h V5.0 Firmware 2024-11-21 7.5 High
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016
CVE-2021-21736 1 Zte 2 Zxhn Hs562, Zxhn Hs562 Firmware 2024-11-21 7.2 High
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E
CVE-2021-21732 1 Zte 2 Axon 11 5g, Axon 11 5g Firmware 2024-11-21 7.5 High
A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys.
CVE-2021-21727 1 Zte 2 Zxhn F623, Zxhn F623 Firmware 2024-11-21 7.5 High
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33>
CVE-2021-21723 1 Zte 10 Zxr10 9904, Zxr10 9904-s, Zxr10 9904-s Firmware and 7 more 2024-11-21 7.5 High
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
CVE-2021-21708 2 Php, Redhat 5 Php, Enterprise Linux, Rhel Aus and 2 more 2024-11-21 8.2 High
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2021-21703 6 Debian, Fedoraproject, Netapp and 3 more 7 Debian Linux, Fedora, Clustered Data Ontap and 4 more 2024-11-21 7.8 High
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-21698 2 Jenkins, Redhat 2 Subversion, Openshift 2024-11-21 7.5 High
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
CVE-2021-21695 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 8.8 High
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
CVE-2021-21688 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 7.5 High
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
CVE-2021-21686 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 8.1 High
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.