Export limit exceeded: 79640 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79640 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44705 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-44704 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-44703 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-44701 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-44683 | 1 Duckduckgo | 1 Duckduckgo | 2024-11-21 | 8.2 High |
| The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. | ||||
| CVE-2021-44673 | 1 Croogo | 1 Croogo | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | ||||
| CVE-2021-44664 | 1 Xerte | 1 Xerte | 2024-11-21 | 8.8 High |
| An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable. | ||||
| CVE-2021-44657 | 1 Stackstorm | 1 Stackstorm | 2024-11-21 | 8.8 High |
| In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. | ||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 7.8 High |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | ||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | ||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 7.2 High |
| Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | ||||
| CVE-2021-44648 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Gdkpixbuf and 1 more | 2024-11-21 | 8.8 High |
| GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | ||||
| CVE-2021-44599 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 7.5 High |
| The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system. | ||||
| CVE-2021-44595 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 8.8 High |
| Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | ||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | 8.1 High |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | ||||
| CVE-2021-44586 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | 7.5 High |
| An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. | ||||
| CVE-2021-44582 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 8.8 High |
| A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | ||||
| CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2024-11-21 | 7.5 High |
| An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter. | ||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2024-11-21 | 8.1 High |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | ||||
| CVE-2021-44549 | 2 Apache, Redhat | 3 Sling Commons Messaging Mail, Ocp Tools, Quarkus | 2024-11-21 | 7.4 High |
| Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429 | ||||