Total
9742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3910 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | |||||
CVE-2021-36343 | 1 Dell | 668 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 665 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2021-0651 | 1 Google | 1 Android | 2024-02-28 | 4.7 MEDIUM | 5.5 MEDIUM |
In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-67013844 | |||||
CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
CVE-2021-44419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-44371 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-35611 | 1 Oracle | 1 Sales Offline | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Offline Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Sales Offline. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2021-44377 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary file in the Windows known folders. | |||||
CVE-2021-34790 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | |||||
CVE-2021-33609 | 1 Vaadin | 1 Vaadin | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data. | |||||
CVE-2021-21705 | 3 Netapp, Oracle, Php | 3 Clustered Data Ontap, Sd-wan Aware, Php | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, a URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. | |||||
CVE-2021-33498 | 1 Pexip | 1 Infinity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). | |||||
CVE-2021-26607 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | |||||
CVE-2021-0069 | 1 Intel | 31 7265, 7265 Firmware, 9260 Firmware and 28 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | |||||
CVE-2021-22288 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
CVE-2021-37019 | 1 Huawei | 1 Harmonyos | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. | |||||
CVE-2021-38973 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. |