Search Results (79648 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45417 | 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more | 11 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | 7.8 High |
| AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | ||||
| CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2024-11-21 | 8.8 High |
| In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | ||||
| CVE-2021-45394 | 1 Html2pdf Project | 1 Html2pdf | 2024-11-21 | 8.8 High |
| An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document. | ||||
| CVE-2021-45392 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 7.5 High |
| A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. | ||||
| CVE-2021-45391 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 7.5 High |
| A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. | ||||
| CVE-2021-45379 | 1 Glewlwyd Project | 1 Glewlwyd | 2024-11-21 | 8.8 High |
| Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. | ||||
| CVE-2021-45348 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 7.5 High |
| An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). | ||||
| CVE-2021-45347 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | ||||
| CVE-2021-45342 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | ||||
| CVE-2021-45341 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | ||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. | ||||
| CVE-2021-45338 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.8 High |
| Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. | ||||
| CVE-2021-45337 | 1 Avast | 1 Antivirus | 2024-11-21 | 8.8 High |
| Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. | ||||
| CVE-2021-45336 | 1 Avast | 1 Antivirus | 2024-11-21 | 8.8 High |
| Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. | ||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2024-11-21 | 8.8 High |
| Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | ||||
| CVE-2021-45326 | 1 Gitea | 1 Gitea | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state altering POST requests. | ||||
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. | ||||
| CVE-2021-45290 | 2 Fedoraproject, Webassembly | 2 Fedora, Binaryen | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | ||||
| CVE-2021-45268 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons | ||||
| CVE-2021-45266 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. | ||||