Export limit exceeded: 81268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43455 | 1 Freelan | 1 Freelan | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | ||||
| CVE-2021-43454 | 1 Anytxt | 1 Anytxt Searcher | 2024-11-21 | 7.8 High |
| An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. . | ||||
| CVE-2021-43442 | 1 I3international | 6 Ax46, Ax46 Firmware, Ax68 and 3 more | 2024-11-21 | 8.1 High |
| A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | ||||
| CVE-2021-43437 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 8.8 High |
| In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And It's possible to send requests with arbitrary Host Headers to the first virtual host. | ||||
| CVE-2021-43430 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2024-11-21 | 8.8 High |
| An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | ||||
| CVE-2021-43429 | 1 Seagate | 1 Cortx-s3 Server | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock. | ||||
| CVE-2021-43419 | 1 Opayweb | 1 Opay | 2024-11-21 | 7.5 High |
| An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. | ||||
| CVE-2021-43415 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | ||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.0 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | ||||
| CVE-2021-43413 | 1 Gnu | 1 Hurd | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. | ||||
| CVE-2021-43412 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.8 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | ||||
| CVE-2021-43411 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. | ||||
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | ||||
| CVE-2021-43405 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | ||||
| CVE-2021-43404 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-11-21 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
| CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 8.8 High |
| LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | ||||
| CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-11-21 | 7.5 High |
| In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. | ||||
| CVE-2021-43391 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43390 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||