Search Results (35123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23876 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.8 High |
| Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | ||||
| CVE-2021-23845 | 1 Bosch | 8 B426, B426-cn, B426-cn Firmware and 5 more | 2024-11-21 | 8 High |
| This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released in June 2019. | ||||
| CVE-2021-23639 | 1 Markdown To Pdf Project | 1 Markdown To Pdf | 2024-11-21 | 9.8 Critical |
| The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. | ||||
| CVE-2021-23555 | 2 Redhat, Vm2 Project | 2 Acm, Vm2 | 2024-11-21 | 9.8 Critical |
| The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stacktraces, which can lead to execution of arbitrary code on the host machine. | ||||
| CVE-2021-23432 | 1 Mootools Project | 1 Mootools | 2024-11-21 | 5.4 Medium |
| This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() | ||||
| CVE-2021-23425 | 2 Redhat, Trim-off-newlines Project | 2 Rhev Manager, Trim-off-newlines | 2024-11-21 | 5.3 Medium |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | ||||
| CVE-2021-23424 | 1 Ansi-html Project | 1 Ansi-html | 2024-11-21 | 7.5 High |
| This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. | ||||
| CVE-2021-23413 | 1 Jszip Project | 1 Jszip | 2024-11-21 | 5.3 Medium |
| This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g. `__proto__`, `toString`, etc.) results in a returned object with a modified prototype instance. | ||||
| CVE-2021-23409 | 1 Go-proxyproto Project | 1 Go-proxyproto | 2024-11-21 | 7.5 High |
| The package github.com/pires/go-proxyproto before 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. | ||||
| CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2024-11-21 | 8.1 High |
| This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | ||||
| CVE-2021-23392 | 1 Locutus | 1 Locutus | 2024-11-21 | 5.3 Medium |
| The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. | ||||
| CVE-2021-23388 | 1 Forms Project | 1 Forms | 2024-11-21 | 5.3 Medium |
| The package forms before 1.2.1, from 1.3.0 and before 1.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. | ||||
| CVE-2021-23371 | 1 Chrono-node Project | 1 Chrono-node | 2024-11-21 | 7.5 High |
| This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | ||||
| CVE-2021-23370 | 1 Swiperjs | 1 Swiper | 2024-11-21 | 7.5 High |
| This affects the package swiper before 6.5.1. | ||||
| CVE-2021-23369 | 2 Handlebarsjs, Redhat | 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more | 2024-11-21 | 5.6 Medium |
| The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
| CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
| CVE-2021-23353 | 1 Parall | 1 Jspdf | 2024-11-21 | 5.9 Medium |
| This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. | ||||
| CVE-2021-23351 | 2 Fedoraproject, Go-proxyproto Project | 2 Fedora, Go-proxyproto | 2024-11-21 | 4.4 Medium |
| The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers. | ||||
| CVE-2021-23343 | 2 Path-parse Project, Redhat | 7 Path-parse, Acm, Advanced Cluster Security and 4 more | 2024-11-21 | 5.3 Medium |
| All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. | ||||
| CVE-2021-23341 | 1 Prismjs | 1 Prism | 2024-11-21 | 7.5 High |
| The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. | ||||