Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38957 1 Ibm 1 Security Verify Access 2024-11-21 7.5 High
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
CVE-2021-38956 1 Ibm 1 Security Verify Access 2024-11-21 5.3 Medium
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038
CVE-2021-38924 1 Ibm 2 Maximo Application Suite, Maximo Asset Management 2024-11-21 7.5 High
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.
CVE-2021-38910 1 Ibm 1 Datapower Gateway 2024-11-21 5.3 Medium
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.
CVE-2021-38901 1 Ibm 1 Spectrum Protect Operations Center 2024-11-21 5.5 Medium
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
CVE-2021-38894 1 Ibm 1 Security Verify Access 2024-11-21 2.7 Low
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.
CVE-2021-38859 3 Apple, Ibm, Microsoft 3 Macos, Security Verify Privilege On-premises, Windows 2024-11-21 4.3 Medium
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.
CVE-2021-38562 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2021-38554 1 Hashicorp 1 Vault 2024-11-21 5.3 Medium
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
CVE-2021-38512 2 Actix, Fedoraproject 2 Actix-http, Fedora 2024-11-21 7.5 High
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.
CVE-2021-38485 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
CVE-2021-38476 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2024-11-21 6.5 Medium
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.
CVE-2021-38455 1 Auvesy 1 Versiondog 2024-11-21 7.3 High
The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.
CVE-2021-38373 1 Kde 1 Kmail 2024-11-21 5.3 Medium
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
CVE-2021-38304 1 Ni 1 Ni-pal 2024-11-21 7.8 High
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-38297 3 Fedoraproject, Golang, Redhat 4 Fedora, Go, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-38209 1 Linux 1 Linux Kernel 2024-11-21 3.3 Low
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
CVE-2021-38205 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 3.3 Low
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-38201 3 Linux, Netapp, Redhat 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more 2024-11-21 7.5 High
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
CVE-2021-38182 1 Kyma-project 1 Kyma 2024-11-21 8.8 High
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.