Total
83418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21946 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9. | |||||
| CVE-2021-21945 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable. | |||||
| CVE-2021-21944 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable. | |||||
| CVE-2021-21943 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21942 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21939 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21915 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21914 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21912 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21909 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability | |||||
| CVE-2021-21906 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function. | |||||
| CVE-2021-21905 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 8.5 HIGH | 7.2 HIGH |
| Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device. | |||||
| CVE-2021-21904 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability | |||||
| CVE-2021-21902 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-21901 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability. | |||||