Search Results (79000 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33740 | 1 Microsoft | 6 Windows 10, Windows 10 1507, Windows 10 1809 and 3 more | 2024-11-21 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2021-33737 | 1 Siemens | 12 Simatic Cp343-1, Simatic Cp343-1 Advanced, Simatic Cp 343-1 Advanced Firmware and 9 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations. | ||||
| CVE-2021-33736 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33735 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33734 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33733 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33732 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33731 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33730 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||||
| CVE-2021-33729 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | ||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | ||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | ||||
| CVE-2021-33721 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | ||||
| CVE-2021-33720 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition. | ||||
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | ||||
| CVE-2021-33708 | 1 Kyma-project | 1 Kyma | 2024-11-21 | 8.8 High |
| Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | ||||
| CVE-2021-33705 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | 8.1 High |
| The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability. | ||||
| CVE-2021-33704 | 1 Sap | 1 Business One | 2024-11-21 | 8.8 High |
| The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users. | ||||
| CVE-2021-33700 | 1 Sap | 1 Business One | 2024-11-21 | 7.8 High |
| SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application. | ||||
| CVE-2021-33698 | 1 Sap | 1 Business One | 2024-11-21 | 8.8 High |
| SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | ||||