Export limit exceeded: 78924 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78924 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31816 | 1 Octopus | 1 Server | 2024-11-21 | 7.5 High |
| When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | ||||
| CVE-2021-31802 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header. | ||||
| CVE-2021-31799 | 4 Debian, Oracle, Redhat and 1 more | 8 Debian Linux, Jd Edwards Enterpriseone Tools, Enterprise Linux and 5 more | 2024-11-21 | 7 High |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | ||||
| CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2024-11-21 | 7.5 High |
| An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | ||||
| CVE-2021-31795 | 1 Pvrsrvkm.ko Project | 1 Pvrsrvkm.ko | 2024-11-21 | 7.0 High |
| The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. | ||||
| CVE-2021-31793 | 1 Nightowlsp | 2 Wdb-20, Wdb-20 Firmware | 2024-11-21 | 7.5 High |
| An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI. | ||||
| CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2024-11-21 | 7.5 High |
| In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | ||||
| CVE-2021-31784 | 2 Opendesign, Siemens | 2 Drawings Sdk, Comos | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2021-31783 | 1 Piwigo | 1 Localfiles Editor | 2024-11-21 | 7.5 High |
| show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | ||||
| CVE-2021-31780 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. | ||||
| CVE-2021-31776 | 2 Aviatrix, Microsoft | 2 Vpn Client, Windows | 2024-11-21 | 7.8 High |
| Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. | ||||
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2024-11-21 | 8.8 High |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | ||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | ||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | ||||
| CVE-2021-31745 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.5 High |
| Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. | ||||
| CVE-2021-31728 | 1 Malwarefox | 1 Antimalware | 2024-11-21 | 7.8 High |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges. | ||||
| CVE-2021-31727 | 1 Malwarefox | 1 Antimalware | 2024-11-21 | 7.8 High |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile. | ||||
| CVE-2021-31718 | 1 Npupnp Project | 1 Npupnp | 2024-11-21 | 8.8 High |
| The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. | ||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 7.5 High |
| Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. | ||||
| CVE-2021-31701 | 1 Mintty Project | 1 Mintty | 2024-11-21 | 7.5 High |
| Mintty before 3.4.7 mishandles Bracketed Paste Mode. | ||||