Vulnerabilities (CVE)

Filtered by CWE-20
Total 9855 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43588 1 Dell 1 Emc Data Protection Central 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2021-43548 1 Philips 1 Patient Information Center Ix 2024-11-21 3.3 LOW 6.5 MEDIUM
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVE-2021-43448 1 Onlyoffice 1 Server 2024-11-21 N/A 5.3 MEDIUM
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.
CVE-2021-43406 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVE-2021-42786 1 Riverbed 1 Steelcentral Appinternals Dynamic Sampling Agent 2024-11-21 7.5 HIGH 9.8 CRITICAL
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.
CVE-2021-42555 1 Pexip 1 Infinity 2024-11-21 5.0 MEDIUM 7.5 HIGH
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
CVE-2021-42257 1 Check Smart Project 1 Check Smart 2024-11-21 3.6 LOW 7.1 HIGH
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
CVE-2021-42122 1 Businessdnasolutions 1 Topease 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable.
CVE-2021-42121 1 Businessdnasolutions 1 Topease 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present.
CVE-2021-42070 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 3.3 LOW
When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
CVE-2021-42068 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 3.3 LOW
When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-42009 1 Apache 1 Traffic Control 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
CVE-2021-41945 1 Encode 1 Httpx 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVE-2021-41844 1 Crocoblock 1 Jetengine 2024-11-21 7.5 HIGH 9.8 CRITICAL
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVE-2021-41789 1 Mediatek 4 Mt7615, Mt7615 Firmware, Mt7622 and 1 more 2024-11-21 6.1 MEDIUM 6.5 MEDIUM
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.
CVE-2021-41788 1 Mediatek 16 Mt7603e, Mt7603e Firmware, Mt7612 and 13 more 2024-11-21 7.8 HIGH 6.5 MEDIUM
MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0).
CVE-2021-41772 3 Fedoraproject, Golang, Oracle 3 Fedora, Go, Timesten In-memory Database 2024-11-21 5.0 MEDIUM 7.5 HIGH
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVE-2021-41769 1 Siemens 62 6md85, 6md85 Firmware, 6md86 and 59 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.
CVE-2021-41585 1 Apache 1 Traffic Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
CVE-2021-41583 3 Debian, Eduvpn, Fedoraproject 3 Debian Linux, Vpn-user-portal, Fedora 2024-11-21 9.0 HIGH 6.5 MEDIUM
vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.