Search Results (79206 CVEs found)

Columns: CVE ID; vendor count and vendor name; product count and product name; last updated; CVSS v3.1 score and severity. Each row is followed by the CVE description.
CVE-2021-37366 1 Ctparental Project 1 Ctparental 2024-11-21 8.8 High
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
CVE-2021-37364 1 Openclinic Ga Project 1 Openclinic Ga 2024-11-21 7.8 High
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission on OpenClinic folders/files. A low-privilege account is able to rename the mysqld.exe or tomcat8.exe files located in the bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system-level privileges (nt authority\system) because the service runs as Local System. While a low-privilege user is unable to restart the service through the application, a restart of the computer triggers execution of the malicious file. The application also has unquoted service path issues.
CVE-2021-37363 1 Gestionaleopen 1 Gestionale Open 2024-11-21 7.8 High
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low-privilege account is able to rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving system-level privileges (nt authority\system) because the service runs as Local System. While a low-privilege user is unable to restart the service through the application, a restart of the computer triggers execution of the malicious file. The application also has unquoted service path issues.
CVE-2021-37349 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
CVE-2021-37348 1 Nagios 1 Nagios Xi 2024-11-21 7.5 High
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
CVE-2021-37347 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
CVE-2021-37345 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
CVE-2021-37343 1 Nagios 1 Nagios Xi 2024-11-21 8.8 High
A path traversal vulnerability exists in the Nagios XI AutoDiscovery component before version 5.8.5 and could lead to post-authentication RCE under the security context of the user running Nagios.
CVE-2021-37322 1 Gnu 2 Binutils, Gcc 2024-11-21 7.8 High
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVE-2021-37292 1 Kevinlab 1 4st L-bems 2024-11-21 7.2 High
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with the highest (admin) privileges and obtain control of the system.
CVE-2021-37289 1 Planex 2 Mzk-dp150n, Mzk-dp150n Firmware 2024-11-21 7.2 High
Insecure Permissions in the administration interface of Planex MZK-DP150N 1.42 and 1.43 allow attackers to execute system commands as root via etc_ro/web/syscmd.asp.
CVE-2021-37274 1 Kingdee 1 Kis Cloud 2024-11-21 8.8 High
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.
CVE-2021-37273 1 Chinatelecom 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware 2024-11-21 7.5 High
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.
CVE-2021-37262 1 Jflyfox 1 Jfinal Cms 2024-11-21 7.5 High
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVE-2021-37254 1 M-files 1 M-files Web 2024-11-21 7.5 High
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
CVE-2021-37253 1 M-files 1 M-files Web 2024-11-21 7.5 High
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application.
CVE-2021-37221 1 Customer Relationship Management System Project 1 Customer Relationship Management System 2024-11-21 8.8 High
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option and the customer create option, which could let a remote malicious user upload an arbitrary PHP file.
CVE-2021-37219 1 Hashicorp 1 Consul 2024-11-21 8.8 High
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
CVE-2021-37218 1 Hashicorp 1 Nomad 2024-11-21 8.8 High
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
CVE-2021-37214 1 Larvata 1 Flygo 2024-11-21 8.8 High
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access employees' data, modify it, and then obtain administrator privileges and execute arbitrary commands.