Search Results (79511 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40636 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | ||||
| CVE-2021-40635 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | ||||
| CVE-2021-40633 | 1 Giflib Project | 1 Giflib | 2024-11-21 | 8.8 High |
| A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. | ||||
| CVE-2021-40578 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 7.2 High |
| An authenticated blind and error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 that allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter. | ||||
| CVE-2021-40571 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40568 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40556 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.8 High |
| A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | ||||
| CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | ||||
| CVE-2021-40527 | 1 Onepeloton | 1 Peloton | 2024-11-21 | 8.6 High |
| Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. | ||||
| CVE-2021-40523 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. | ||||
| CVE-2021-40516 | 2 Debian, Weechat | 2 Debian Linux, Weechat | 2024-11-21 | 7.5 High |
| WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. | ||||
| CVE-2021-40511 | 1 Obdasystems | 1 Mastro | 2024-11-21 | 7.5 High |
| OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service. | ||||
| CVE-2021-40510 | 1 Obdasystems | 1 Mastro | 2024-11-21 | 7.5 High |
| XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs. | ||||
| CVE-2021-40503 | 1 Sap | 1 Gui For Windows | 2024-11-21 | 7.8 High |
| An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user. | ||||
| CVE-2021-40502 | 1 Sap | 1 Commerce | 2024-11-21 | 8.8 High |
| SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to. | ||||
| CVE-2021-40501 | 1 Sap | 1 Abap Platform Kernel | 2024-11-21 | 8.1 High |
| SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system. | ||||
| CVE-2021-40500 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 7.5 High |
| SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. | ||||
| CVE-2021-40490 | 5 Debian, Fedoraproject, Linux and 2 more | 30 Debian Linux, Fedora, Linux Kernel and 27 more | 2024-11-21 | 7.0 High |
| A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | ||||
| CVE-2021-40489 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 7.8 High |
| Storage Spaces Controller Elevation of Privilege Vulnerability | ||||