Search Results (79510 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40356 | 1 Siemens | 1 Teamcenter Visualization | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | ||||
| CVE-2021-40355 | 1 Siemens | 1 Teamcenter Visualization | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly. | ||||
| CVE-2021-40354 | 1 Siemens | 1 Teamcenter Visualization | 2024-11-21 | 7.1 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks". | ||||
| CVE-2021-40348 | 2 Spacewalk Project, Uyuni-project | 2 Spacewalk, Uyuni | 2024-11-21 | 8.8 High |
| Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. | ||||
| CVE-2021-40346 | 4 Debian, Fedoraproject, Haproxy and 1 more | 4 Debian Linux, Fedora, Haproxy and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | ||||
| CVE-2021-40345 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | ||||
| CVE-2021-40344 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution. | ||||
| CVE-2021-40343 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | ||||
| CVE-2021-40334 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2024-11-21 | 8.6 High |
| Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | ||||
| CVE-2021-40331 | 1 Apache | 1 Ranger | 2024-11-21 | 8.1 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | ||||
| CVE-2021-40330 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 7.5 High |
| git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | ||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||||
| CVE-2021-40324 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | ||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | ||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | ||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | ||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-11-21 | 7.5 High |
| A denial-of-service attack in WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. | ||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2024-11-21 | 8.1 High |
| htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | ||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. | ||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | ||||