Export limit exceeded: 35188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34148 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | ||||
| CVE-2021-34147 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. | ||||
| CVE-2021-34146 | 1 Cypress | 4 Cyw20735b1, Cyw20735b1 Firmware, Cyw920735q60evb-01 and 1 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | ||||
| CVE-2021-34145 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2024-11-21 | 5.3 Medium |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | ||||
| CVE-2021-34144 | 1 Zh-jieli | 15 Ac6936, Ac6951, Ac6952 and 12 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | ||||
| CVE-2021-34143 | 1 Zh-jieli | 15 Ac6936, Ac6951, Ac6952 and 12 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device. | ||||
| CVE-2021-33911 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | ||||
| CVE-2021-33903 | 1 Lancom-systems | 1 Lcos | 2024-11-21 | 8.8 High |
| In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.) | ||||
| CVE-2021-33823 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | ||||
| CVE-2021-33820 | 1 Ui | 2 Camera G3 Flex, Camera G3 Flex Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | ||||
| CVE-2021-33794 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 9.1 Critical |
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | ||||
| CVE-2021-33788 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.5 High |
| Windows LSA Denial of Service Vulnerability | ||||
| CVE-2021-33786 | 1 Microsoft | 9 Windows Server 2004, Windows Server 2008, Windows Server 2008 R2 and 6 more | 2024-11-21 | 8.1 High |
| Windows LSA Security Feature Bypass Vulnerability | ||||
| CVE-2021-33785 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 7.5 High |
| Windows AF_UNIX Socket Provider Denial of Service Vulnerability | ||||
| CVE-2021-33784 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-33783 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 6.5 Medium |
| Windows SMB Information Disclosure Vulnerability | ||||
| CVE-2021-33782 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 5.5 Medium |
| Windows Authenticode Spoofing Vulnerability | ||||
| CVE-2021-33781 | 1 Microsoft | 11 Windows 10, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | 8.1 High |
| Azure AD Security Feature Bypass Vulnerability | ||||
| CVE-2021-33780 | 1 Microsoft | 9 Windows Server 2004, Windows Server 2008, Windows Server 2008 R2 and 6 more | 2024-11-21 | 8.8 High |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2021-33779 | 1 Microsoft | 4 Windows Server 2004, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | 8.1 High |
| Windows AD FS Security Feature Bypass Vulnerability | ||||