Export limit exceeded: 35091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30164 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 9.8 Critical |
| Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | ||||
| CVE-2021-30163 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 7.5 High |
| Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. | ||||
| CVE-2021-30161 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021). | ||||
| CVE-2021-30159 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | ||||
| CVE-2021-30126 | 1 Lightmeter | 1 Controlcenter | 2024-11-21 | 6.5 Medium |
| Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. | ||||
| CVE-2021-30124 | 1 Vscode-phpmd Project | 1 Vscode-phpmd | 2024-11-21 | 9.8 Critical |
| The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder. | ||||
| CVE-2021-30110 | 1 Greyware | 1 Domain Time Ii | 2024-11-21 | 7.5 High |
| dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates. | ||||
| CVE-2021-30080 | 1 Beego | 1 Beego | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control. | ||||
| CVE-2021-30070 | 1 Hestiacp | 1 Hestiacp | 2024-11-21 | 7.5 High |
| An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager. | ||||
| CVE-2021-30065 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. | ||||
| CVE-2021-30063 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | ||||
| CVE-2021-30062 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | ||||
| CVE-2021-30061 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more | 2024-11-21 | 6.8 Medium |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | ||||
| CVE-2021-30047 | 1 Vsftpd Project | 1 Vsftpd | 2024-11-21 | 7.5 High |
| VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | ||||
| CVE-2021-2485 | 1 Oracle | 1 Trade Management | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2484 | 1 Oracle | 1 Operations Intelligence | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Operations Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Operations Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle Operations Intelligence accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2483 | 1 Oracle | 1 Content Manager | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Content Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Content Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Content Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2482 | 1 Oracle | 1 Payables | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: Invoice Approvals). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2481 | 4 Fedoraproject, Netapp, Oracle and 1 more | 6 Fedora, Oncommand Insight, Snapcenter and 3 more | 2024-11-21 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2021-2480 | 1 Oracle | 1 Http Server | 2024-11-21 | 3.7 Low |
| Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||