Search Results (79592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43493 | 1 Servermanagement Project | 1 Servermanagement | 2024-11-21 | 7.5 High |
| ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. | ||||
| CVE-2021-43492 | 1 Alquistai | 1 Alquist | 2024-11-21 | 7.5 High |
| AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | ||||
| CVE-2021-43483 | 1 Claro | 2 Kaon Cg3000, Kaon Cg3000 Firmware | 2024-11-21 | 8.0 High |
| An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | ||||
| CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2024-11-21 | 7.5 High |
| In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | ||||
| CVE-2021-43469 | 1 Vinga | 2 Wr-n300u, Wr-n300u Firmware | 2024-11-21 | 8.8 High |
| VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | ||||
| CVE-2021-43464 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). | ||||
| CVE-2021-43463 | 1 Ext2 File System Driver Project | 1 Ext2 File System Driver | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | ||||
| CVE-2021-43460 | 1 Systemexplorer | 1 System Explorer | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path. | ||||
| CVE-2021-43458 | 1 Vembu | 1 Bdr Suite | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | ||||
| CVE-2021-43457 | 1 Bvpn | 1 Bvpn | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. | ||||
| CVE-2021-43456 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path. | ||||
| CVE-2021-43455 | 1 Freelan | 1 Freelan | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | ||||
| CVE-2021-43454 | 1 Anytxt | 1 Anytxt Searcher | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. | ||||
| CVE-2021-43442 | 1 I3international | 6 Ax46, Ax46 Firmware, Ax68 and 3 more | 2024-11-21 | 8.1 High |
| A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | ||||
| CVE-2021-43437 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 8.8 High |
| In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And it's possible to send requests with arbitrary Host headers to the first virtual host. | ||||
| CVE-2021-43430 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2024-11-21 | 8.8 High |
| An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | ||||
| CVE-2021-43429 | 1 Seagate | 1 Cortx-s3 Server | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release locks pool->lock. | ||||
| CVE-2021-43419 | 1 Opayweb | 1 Opay | 2024-11-21 | 7.5 High |
| An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe higher in the logcat app. | ||||
| CVE-2021-43415 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | ||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.0 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | ||||