Search Results (79646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45033 | 1 Siemens | 8 Cp-8000 Master Module With I/o -25/+70, Cp-8000 Master Module With I/o -25/+70 Firmware, Cp-8000 Master Module With I/o -40/+70 and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | ||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc++ | 2024-11-21 | 7.7 High |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in the login function which lets attackers generate the passwords of high-privileged accounts. | ||||
| CVE-2021-45027 | 1 Softlinkint | 1 Oliver V5 Library | 2024-11-21 | 7.5 High |
| An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. | ||||
| CVE-2021-45025 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 7.5 High |
| ASG Technologies (a Rocket Software company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | ||||
| CVE-2021-45017 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column. | ||||
| CVE-2021-45008 | 1 Plesk | 1 Plesk | 2024-11-21 | 8.8 High |
| Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users | ||||
| CVE-2021-44988 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | ||||
| CVE-2021-44981 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 8.8 High |
| In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE. | ||||
| CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 7.5 High |
| In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | ||||
| CVE-2021-44968 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.8 High |
| A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018] | ||||
| CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server. | ||||
| CVE-2021-44954 | 1 Qvis | 4 Dvr, Dvr Firmware, Nvr and 1 more | 2024-11-21 | 7.8 High |
| In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. | ||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.2 High |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | ||||
| CVE-2021-44905 | 1 Cef | 2 Fortessa Ftbtld, Fortessa Ftbtld Firmware | 2024-11-21 | 8.2 High |
| Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. | ||||
| CVE-2021-44903 | 1 Msi | 1 Center Pro | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44901 | 1 Msi | 1 Dragon Center | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44900 | 1 Msi | 1 App Player | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44899 | 1 Msi | 1 Center | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | ||||
| CVE-2021-44878 | 1 Pac4j | 1 Pac4j | 2024-11-21 | 7.5 High |
| If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value. | ||||