Search Results (79180 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36202 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8.4 High |
| Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0.2. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2021-36194 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | ||||
| CVE-2021-36186 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36185 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36184 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests. | ||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.4 High |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | ||||
| CVE-2021-36182 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36180 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.1 High |
| Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | ||||
| CVE-2021-36179 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. | ||||
| CVE-2021-36173 | 1 Fortinet | 14 Fortigate-1100e, Fortigate-200f, Fortigate-2600f and 11 more | 2024-11-21 | 8 High |
| A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | ||||
| CVE-2021-36171 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 8.1 High |
| The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | ||||
| CVE-2021-36162 | 1 Apache | 1 Dubbo | 2024-11-21 | 8.8 High |
| Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use the SnakeYAML library to load the rules, which by default will enable calling arbitrary constructors. An attacker with access to the configuration center will be able to poison the rule so that, when it is retrieved by the consumers, the attacker gets RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2. | ||||
| CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 7.5 High |
| LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | ||||
| CVE-2021-36154 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 7.5 High |
| HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. | ||||
| CVE-2021-36153 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 7.5 High |
| Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. | ||||
| CVE-2021-36148 | 1 Linux | 1 Acrn | 2024-11-21 | 7.8 High |
| An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. | ||||
| CVE-2021-36147 | 1 Linux | 1 Acrn | 2024-11-21 | 7.5 High |
| An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. | ||||
| CVE-2021-36146 | 1 Linux | 1 Acrn | 2024-11-21 | 7.5 High |
| ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. | ||||
| CVE-2021-36145 | 1 Linux | 1 Acrn | 2024-11-21 | 7.5 High |
| The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. | ||||