Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26336 1 Amd 190 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 187 more 2024-11-21 5.5 Medium
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
CVE-2021-26330 1 Amd 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more 2024-11-21 5.5 Medium
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
CVE-2021-26329 1 Amd 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more 2024-11-21 5.5 Medium
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
CVE-2021-26260 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2024-11-21 5.5 Medium
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-26109 1 Fortinet 1 Fortios 2024-11-21 8.1 High
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
CVE-2021-25962 1 Shuup 1 Shuup 2024-11-21 8 High
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.
CVE-2021-25960 1 Salesagility 1 Suitecrm 2024-11-21 8 High
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.
CVE-2021-25953 1 Putil-merge Project 1 Putil-merge 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25952 1 Just-safe-set Project 1 Just-safe-set 2024-11-21 9.8 Critical
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25949 1 Set-getter Project 1 Set-getter 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25948 1 Expand-hash Project 1 Expand-hash 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25947 1 Nestie Project 1 Nestie 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25946 1 Nconf-toml Project 1 Nconf-toml 2024-11-21 9.8 Critical
Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25945 1 Js-extend Project 1 Js-extend 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25944 1 Deep-defaults Project 1 Deep-defaults 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25913 1 Set-or-get Project 1 Set-or-get 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25912 1 Dotty Project 1 Dotty 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
CVE-2021-25901 1 Lazy-init Project 1 Lazy-init 2024-11-21 5.3 Medium
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
CVE-2021-25849 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.5 High
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
CVE-2021-25848 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 9.1 Critical
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.