Export limit exceeded: 346601 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31939 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-31938 | 1 Microsoft | 1 Kubernetes Tools | 2024-11-21 | 7.3 High |
| Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | ||||
| CVE-2021-31936 | 1 Microsoft | 1 Accessibility Insights For Web | 2024-11-21 | 7.4 High |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | ||||
| CVE-2021-31933 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution. | ||||
| CVE-2021-31928 | 1 Annexcloud | 1 Loyalty Experience Platform | 2024-11-21 | 8.8 High |
| Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. | ||||
| CVE-2021-31925 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. | ||||
| CVE-2021-31922 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-11-21 | 7.5 High |
| An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | ||||
| CVE-2021-31919 | 1 Rkyv Project | 1 Rkyv | 2024-11-21 | 7.5 High |
| An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct. | ||||
| CVE-2021-31918 | 1 Redhat | 1 Openstack | 2024-11-21 | 7.5 High |
| A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-31913 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | ||||
| CVE-2021-31912 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 8.8 High |
| In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. | ||||
| CVE-2021-31910 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. | ||||
| CVE-2021-31905 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. | ||||
| CVE-2021-31902 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. | ||||
| CVE-2021-31901 | 1 Jetbrains | 1 Hub | 2024-11-21 | 7.5 High |
| In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. | ||||
| CVE-2021-31899 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 8.8 High |
| In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. | ||||
| CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2024-11-21 | 7.5 High |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | ||||
| CVE-2021-31894 | 1 Siemens | 8 Simatic Pcs 7, Simatic Pcs 7 Firmware, Simatic Pdm and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software. | ||||
| CVE-2021-31893 | 1 Siemens | 8 Simatic Pcs, Simatic Pcs Firmware, Simatic Pdm and 5 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution. | ||||
| CVE-2021-31892 | 1 Siemens | 20 Sinumerik Analyse Mycondition, Sinumerik Analyse Mycondition Firmware, Sinumerik Analyze Myperformance and 17 more | 2024-11-21 | 7.4 High |
| A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario. | ||||