Export limit exceeded: 79585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79585 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43101 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43100 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43098 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | ||||
| CVE-2021-43097 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code. | ||||
| CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2024-11-21 | 7.5 High |
| An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. | ||||
| CVE-2021-43083 | 1 Apache | 1 Plc4x | 2024-11-21 | 8.8 High |
| Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together. | ||||
| CVE-2021-43077 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. | ||||
| CVE-2021-43075 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. | ||||
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-43071 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. | ||||
| CVE-2021-43067 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 8.3 High |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. | ||||
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 8.4 High |
| A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | ||||
| CVE-2021-43065 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 7.8 High |
| A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. | ||||
| CVE-2021-43057 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. | ||||
| CVE-2021-43054 | 1 Tibco | 1 Eftl | 2024-11-21 | 7.1 High |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | ||||
| CVE-2021-43053 | 1 Tibco | 1 Ftl | 2024-11-21 | 8.5 High |
| The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | ||||
| CVE-2021-43051 | 1 Tibco | 1 Spotfire Server | 2024-11-21 | 7.1 High |
| The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. | ||||
| CVE-2021-43050 | 1 Tibco | 1 Businessconnect | 2024-11-21 | 8.4 High |
| The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | ||||
| CVE-2021-43046 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 7.5 High |
| The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. | ||||
| CVE-2021-43045 | 1 Apache | 1 Avro | 2024-11-21 | 7.5 High |
| A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | ||||