Total: 13170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46659 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | ||||
| CVE-2021-46658 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | ||||
| CVE-2021-46657 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | ||||
| CVE-2021-45916 | 1 Smr | 1 Shenwang Endpoint Protection Security System | 2024-11-21 | 3.5 Low |
| The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially. | ||||
| CVE-2021-45711 | 1 Simple Asn1 Project | 1 Simple Asn1 | 2024-11-21 | 7.5 High |
| An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f. | ||||
| CVE-2021-45687 | 1 Raw-cpuid Project | 1 Raw-cpuid | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. | ||||
| CVE-2021-45223 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 6.5 Medium |
| An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. | ||||
| CVE-2021-45105 | 6 Apache, Debian, Netapp and 3 more | 131 Log4j, Debian Linux, Cloud Manager and 128 more | 2024-11-21 | 5.9 Medium |
| Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | ||||
| CVE-2021-44832 | 6 Apache, Cisco, Debian and 3 more | 31 Log4j, Cloudcenter, Debian Linux and 28 more | 2024-11-21 | 6.6 Medium |
| Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | ||||
| CVE-2021-44548 | 2 Apache, Microsoft | 2 Solr, Windows | 2024-11-21 | 9.8 Critical |
| An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: (1) the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes); (2) in case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worst-case scenario, Remote Code Execution. This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. | ||||
| CVE-2021-44530 | 1 Ui | 1 Unifi Network Controller | 2024-11-21 | 9.8 Critical |
| An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. | ||||
| CVE-2021-44483 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 High |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | ||||
| CVE-2021-44482 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 High |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | ||||
| CVE-2021-44481 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 High |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. | ||||
| CVE-2021-44422 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 7.8 High |
| An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-44221 | 1 Siemens | 1 Simatic Easie Core Package | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system. | ||||
| CVE-2021-44040 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | ||||
| CVE-2021-43877 | 1 Microsoft | 3 Asp.net Core, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | 8.8 High |
| ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2021-43861 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 7.2 High |
| Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. | ||||
| CVE-2021-43803 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-11-21 | 7.5 High |
| Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. | ||||