Export limit exceeded: 10123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34574 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | 4.3 Medium |
| In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server. | ||||
| CVE-2021-34573 | 1 Enbra | 1 Ewm | 2024-11-21 | 6.2 Medium |
| In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events. | ||||
| CVE-2021-34539 | 1 Cubecoders | 1 Amp | 2024-11-21 | 7.2 High |
| An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution. | ||||
| CVE-2021-34436 | 1 Eclipse | 1 Theia | 2024-11-21 | 9.8 Critical |
| In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. | ||||
| CVE-2021-34428 | 5 Debian, Eclipse, Netapp and 2 more | 21 Debian Linux, Jetty, Active Iq Unified Manager and 18 more | 2024-11-21 | 2.9 Low |
| For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | ||||
| CVE-2021-34254 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 6.1 Medium |
| Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | ||||
| CVE-2021-34141 | 2 Numpy, Oracle | 2 Numpy, Communications Cloud Native Core Policy | 2024-11-21 | 5.3 Medium |
| An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | ||||
| CVE-2021-33982 | 1 Myfwc | 1 Fish \| Hunt Fl | 2024-11-21 | 7.5 High |
| An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | ||||
| CVE-2021-33981 | 1 Myfwc | 1 Fish \| Hunt Fl | 2024-11-21 | 4.3 Medium |
| An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses. | ||||
| CVE-2021-33813 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Solr, Tika, Debian Linux and 7 more | 2024-11-21 | 7.5 High |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2021-33713 | 1 Siemens | 1 Jt Utilities | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | ||||
| CVE-2021-33707 | 1 Sap | 1 Netweaver Knowledge Management | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity. | ||||
| CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2024-11-21 | 7.8 High |
| Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | ||||
| CVE-2021-33638 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33637 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33636 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula load command is used to load malicious images, attackers can execute arbitrary code. | ||||
| CVE-2021-33635 | 1 Openeuler | 1 Isula | 2024-11-21 | 9.8 Critical |
| When malicious images are pulled by isula pull, attackers can execute arbitrary code. | ||||
| CVE-2021-33634 | 1 Openeuler | 1 Icr | 2024-11-21 | 6.3 Medium |
| iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. | ||||
| CVE-2021-33600 | 1 F-secure | 1 Internet Gatekeeper | 2024-11-21 | 5.4 Medium |
| A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product. | ||||
| CVE-2021-33321 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 7.5 High |
| Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true. | ||||