Search Results (81315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44648 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Gdkpixbuf and 1 more | 2024-11-21 | 8.8 High |
| GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12. | ||||
| CVE-2021-44599 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 7.5 High |
| The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system. | ||||
| CVE-2021-44595 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 8.8 High |
| Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | ||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | 8.1 High |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | ||||
| CVE-2021-44586 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | 7.5 High |
| An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. | ||||
| CVE-2021-44582 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 8.8 High |
| A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | ||||
| CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2024-11-21 | 7.5 High |
| An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. | ||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2024-11-21 | 8.1 High |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | ||||
| CVE-2021-44549 | 2 Apache, Redhat | 3 Sling Commons Messaging Mail, Ocp Tools, Quarkus | 2024-11-21 | 7.4 High |
| Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429 | ||||
| CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||||
| CVE-2021-44542 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 7.5 High |
| A memory leak vulnerability was found in Privoxy when handling errors. | ||||
| CVE-2021-44541 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 7.5 High |
| A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | ||||
| CVE-2021-44540 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 7.5 High |
| A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | ||||
| CVE-2021-44537 | 2 Fedoraproject, Owncloud | 2 Fedora, Owncloud Desktop Client | 2024-11-21 | 7.8 High |
| ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | ||||
| CVE-2021-44522 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | ||||
| CVE-2021-44520 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | ||||
| CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | ||||
| CVE-2021-44513 | 1 Tmate | 1 Tmate-ssh-server | 2024-11-21 | 7.0 High |
| Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. | ||||
| CVE-2021-44512 | 1 Tmate | 1 Tmate-ssh-server | 2024-11-21 | 7.0 High |
| World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory. | ||||
| CVE-2021-44510 | 1 Fisglobal | 1 Gt.m | 2024-11-21 | 7.5 High |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. | ||||