Search Results (9873 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27928 | 5 Debian, Galeracluster, Mariadb and 2 more | 8 Debian Linux, Wsrep, Mariadb and 5 more | 2024-11-21 | 7.2 High |
| A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | ||||
| CVE-2021-27903 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | ||||
| CVE-2021-27850 | 1 Apache | 1 Tapestry | 2024-11-21 | 9.8 Critical |
| A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | ||||
| CVE-2021-27760 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 4.6 Medium |
| An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. | ||||
| CVE-2021-27602 | 1 Sap | 1 Commerce | 2024-11-21 | 9.9 Critical |
| SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application. | ||||
| CVE-2021-27335 | 1 Kollectapp | 1 Kollect | 2024-11-21 | 9.8 Critical |
| KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | ||||
| CVE-2021-27236 | 1 Mutare | 1 Voice | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. | ||||
| CVE-2021-27229 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 8.8 High |
| Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | ||||
| CVE-2021-27198 | 1 Visualware | 1 Myconnection Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | ||||
| CVE-2021-27183 | 1 Altn | 1 Mdaemon | 2024-11-21 | 7.2 High |
| An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution. | ||||
| CVE-2021-27112 | 1 Lightcms Project | 1 Lightcms | 2024-11-21 | 9.8 Critical |
| LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. | ||||
| CVE-2021-27095 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Media Video Decoder Remote Code Execution Vulnerability | ||||
| CVE-2021-27089 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | ||||
| CVE-2021-27083 | 1 Microsoft | 1 Remote Development | 2024-11-21 | 7.8 High |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-27082 | 1 Microsoft | 1 Quantum Development Kit | 2024-11-21 | 7.8 High |
| Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-27078 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.1 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-27076 | 1 Microsoft | 3 Business Productivity Servers, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2021-27068 | 1 Microsoft | 1 Visual Studio 2019 | 2024-11-21 | 8.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2021-27062 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-27061 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||