Export limit exceeded: 79573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41651 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 7.5 High |
| A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | ||||
| CVE-2021-41648 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 7.5 High |
| An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input. | ||||
| CVE-2021-41645 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 8.8 High |
| Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . | ||||
| CVE-2021-41641 | 1 Deno | 1 Deno | 2024-11-21 | 8.4 High |
| Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. | ||||
| CVE-2021-41638 | 1 Melag | 1 Ftp Server | 2024-11-21 | 7.5 High |
| The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | ||||
| CVE-2021-41637 | 1 Melag | 1 Ftp Server | 2024-11-21 | 7.1 High |
| Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | ||||
| CVE-2021-41635 | 2 Melag, Microsoft | 2 Ftp Server, Windows | 2024-11-21 | 8.8 High |
| When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | ||||
| CVE-2021-41619 | 1 Gradle | 1 Enterprise | 2024-11-21 | 7.2 High |
| An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application. | ||||
| CVE-2021-41617 | 6 Fedoraproject, Netapp, Openbsd and 3 more | 15 Fedora, Active Iq Unified Manager, Aff 500f and 12 more | 2024-11-21 | 7.0 High |
| sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | ||||
| CVE-2021-41611 | 2 Fedoraproject, Squid-cache | 2 Fedora, Squid | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. | ||||
| CVE-2021-41608 | 1 Classapps | 1 Selectsurvey.net | 2024-11-21 | 7.5 High |
| A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | ||||
| CVE-2021-41599 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2021-41598 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8.8 High |
| A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2021-41597 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. | ||||
| CVE-2021-41593 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-11-21 | 8.6 High |
| Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | ||||
| CVE-2021-41588 | 1 Gradle | 1 Gradle | 2024-11-21 | 8.1 High |
| In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. | ||||
| CVE-2021-41587 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.5 High |
| In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | ||||
| CVE-2021-41586 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.5 High |
| In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | ||||
| CVE-2021-41585 | 1 Apache | 1 Traffic Server | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. | ||||
| CVE-2021-41584 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.5 High |
| Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | ||||