Export limit exceeded: 344071 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 3.9 Low |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | ||||
| CVE-2021-27495 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 7.1 High |
| Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint. | ||||
| CVE-2021-27491 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 7.5 High |
| Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process. | ||||
| CVE-2021-27463 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. | ||||
| CVE-2021-27372 | 1 Realtek | 2 Xpon Rtl9601d, Xpon Rtl9601d Software Development Kit | 2024-11-21 | 9.8 Critical |
| Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. | ||||
| CVE-2021-27335 | 1 Kollectapp | 1 Kollect | 2024-11-21 | 9.8 Critical |
| KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | ||||
| CVE-2021-27277 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955. | ||||
| CVE-2021-27241 | 1 Avast | 1 Premium Security | 2024-11-21 | 6.1 Medium |
| This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. | ||||
| CVE-2021-27240 | 1 Solarwinds | 1 Patch Manager | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009. | ||||
| CVE-2021-27229 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 8.8 High |
| Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | ||||
| CVE-2021-27213 | 1 Pystemon Project | 1 Pystemon | 2024-11-21 | 9.8 Critical |
| config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | ||||
| CVE-2021-27187 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2024-11-21 | 7.5 High |
| The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | ||||
| CVE-2021-27117 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27116 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27026 | 1 Puppet | 3 Puppet, Puppet Connect, Puppet Enterprise | 2024-11-21 | 4.4 Medium |
| A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | ||||
| CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-11-21 | 4.9 Medium |
| A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | ||||
| CVE-2021-27019 | 1 Puppet | 2 Puppet Enterprise, Puppetdb | 2024-11-21 | 4.3 Medium |
| PuppetDB logging included potentially sensitive system information. | ||||
| CVE-2021-26999 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 4.3 Medium |
| NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | ||||
| CVE-2021-26998 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 4.3 Medium |
| NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | ||||
| CVE-2021-26915 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | ||||