Export limit exceeded: 347893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79588 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43405 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | ||||
| CVE-2021-43404 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-11-21 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
| CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 8.8 High |
| LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | ||||
| CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-11-21 | 7.5 High |
| In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. | ||||
| CVE-2021-43391 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43390 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 7.5 High |
| Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | ||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | ||||
| CVE-2021-43339 | 1 Ericsson | 1 Network Location | 2024-11-21 | 8.8 High |
| In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. | ||||
| CVE-2021-43336 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43326 | 2 Automox, Microsoft | 2 Automox, Windows | 2024-11-21 | 7.8 High |
| Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | ||||
| CVE-2021-43325 | 2 Automox, Microsoft | 2 Automox, Windows | 2024-11-21 | 7.8 High |
| Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | ||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | ||||
| CVE-2021-43289 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 7.5 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. | ||||
| CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 7.5 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | ||||
| CVE-2021-43286 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 8.8 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. | ||||
| CVE-2021-43284 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2024-11-21 | 7.8 High |
| An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). | ||||