Search Results (79418 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3328 | 1 Aprelium | 1 Abyss Web Server X1 | 2024-11-21 | 7.5 High |
| An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application. | ||||
| CVE-2021-3323 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | ||||
| CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 High |
| Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||||
| CVE-2021-3317 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 8.8 High |
| KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. | ||||
| CVE-2021-3310 | 1 Westerndigital | 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more | 2024-11-21 | 7.8 High |
| Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). | ||||
| CVE-2021-3309 | 1 Wekan Project | 1 Wekan | 2024-11-21 | 8.1 High |
| packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, | ||||
| CVE-2021-3291 | 1 Zen-cart | 1 Zen Cart | 2024-11-21 | 7.2 High |
| Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | ||||
| CVE-2021-3283 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. | ||||
| CVE-2021-3282 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. | ||||
| CVE-2021-3277 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | ||||
| CVE-2021-3273 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system. | ||||
| CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 7.2 High |
| SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. | ||||
| CVE-2021-3254 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2024-11-21 | 7.5 High |
| Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. | ||||
| CVE-2021-3252 | 1 Kaco-newenergy | 2 Xp100u, Xp100u Firmware | 2024-11-21 | 7.5 High |
| KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. | ||||
| CVE-2021-3246 | 4 Debian, Fedoraproject, Libsndfile Project and 1 more | 5 Debian Linux, Fedora, Libsndfile and 2 more | 2024-11-21 | 8.8 High |
| A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | ||||
| CVE-2021-3229 | 1 Asus | 2 Rt-ax3000, Rt-ax3000 Firmware | 2024-11-21 | 7.5 High |
| Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. | ||||
| CVE-2021-3223 | 1 Nodered | 1 Node-red-dashboard | 2024-11-21 | 7.5 High |
| Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | ||||
| CVE-2021-3196 | 1 Hitachi | 1 Id Bravura Security Fabric | 2024-11-21 | 8.8 High |
| An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user. | ||||
| CVE-2021-3195 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 7.5 High |
| bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions | ||||
| CVE-2021-3191 | 1 Hpe | 2 Nonstop, Web Viewpoint | 2024-11-21 | 8.8 High |
| Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H). | ||||