Search Results (79618 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44149 | 2 Linaro, Nxp | 2 Op-tee, I.mx 6ultralite | 2024-11-21 | 7.8 High |
| An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. | ||||
| CVE-2021-44139 | 1 Hashicorp | 1 Sentinel | 2024-11-21 | 7.5 High |
| Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | ||||
| CVE-2021-44138 | 1 Caucho | 1 Resin | 2024-11-21 | 7.5 High |
| There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. | ||||
| CVE-2021-44132 | 1 C-data Onu4ferw Project | 2 C-data Onu4ferw, C-data Onu4ferw Firmware | 2024-11-21 | 7.8 High |
| A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | ||||
| CVE-2021-44124 | 1 Hiby | 2 R3 Pro, R3 Pro Firmware | 2024-11-21 | 7.5 High |
| Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP server does not sufficiently sanitize input when showing data from the SD card, so an attacker can navigate through the device's file system over HTTP. | ||||
| CVE-2021-44123 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | ||||
| CVE-2021-44122 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF). | ||||
| CVE-2021-44117 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | ||||
| CVE-2021-44109 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
| A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a denial of service via a crafted sbi request. | ||||
| CVE-2021-44108 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
| A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a denial of service via a crafted sbi request to amf. | ||||
| CVE-2021-44094 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 7.8 High |
| ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function, which could execute any JAR file. | ||||
| CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 8.3 High |
| textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | ||||
| CVE-2021-44081 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. | ||||
| CVE-2021-44080 | 1 Sercomm | 2 H500s, H500s Firmware | 2024-11-21 | 7.2 High |
| A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root on the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. | ||||
| CVE-2021-44078 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 8.1 High |
| An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. | ||||
| CVE-2021-44057 | 1 Qnap | 1 Photo Station | 2024-11-21 | 7.1 High |
| An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later; Photo Station 5.7.16 ( 2022/02/11 ) and later; Photo Station 5.4.13 ( 2022/02/11 ) and later | ||||
| CVE-2021-44056 | 1 Qnap | 1 Video Station | 2024-11-21 | 7.1 High |
| An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later | ||||
| CVE-2021-44051 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 8.8 High |
| A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QTS 5.0.0.1986 build 20220324 and later | ||||
| CVE-2021-44049 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 7.8 High |
| CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | ||||
| CVE-2021-44048 | 1 Opendesign | 1 Drawings Explorer | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||