Export limit exceeded: 79528 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79528 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40986 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-40981 | 1 Asus | 1 Armoury Crate Lite Service | 2024-11-21 | 7.3 High |
| ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | ||||
| CVE-2021-40978 | 1 Mkdocs | 1 Mkdocs | 2024-11-21 | 7.5 High |
| The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1 | ||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 8.8 High |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | ||||
| CVE-2021-40956 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 7.5 High |
| LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | ||||
| CVE-2021-40955 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 7.2 High |
| SQL injection exists in LaiKetui v3.5.0 the background administrator list. | ||||
| CVE-2021-40941 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS). | ||||
| CVE-2021-40905 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner | ||||
| CVE-2021-40904 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | ||||
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | ||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | ||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | ||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | ||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | ||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | ||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | ||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | ||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | ||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | ||||
| CVE-2021-40884 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 8.1 High |
| Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application. | ||||