Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46101 | 1 Gitforwindows | 1 Git | 2024-11-21 | 7.5 High |
| In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. | ||||
| CVE-2021-46088 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 7.2 High |
| Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user. | ||||
| CVE-2021-46067 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 9.8 Critical |
| In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | ||||
| CVE-2021-46062 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.1 High |
| MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | ||||
| CVE-2021-46045 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | ||||
| CVE-2021-46041 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | ||||
| CVE-2021-46037 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 8.1 High |
| MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | ||||
| CVE-2021-45983 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 9.8 Critical |
| NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | ||||
| CVE-2021-45980 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 7.8 High |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. | ||||
| CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2024-11-21 | 9.8 Critical |
| JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | ||||
| CVE-2021-45915 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45914 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45898 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | ||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | ||||
| CVE-2021-45842 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 7.5 High |
| It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | ||||
| CVE-2021-45840 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | ||||
| CVE-2021-45839 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.5 Medium |
| It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | ||||
| CVE-2021-45837 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | ||||
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.8 High |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | ||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 7.5 High |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | ||||