Search Results (81215 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40345 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | ||||
| CVE-2021-40344 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution. | ||||
| CVE-2021-40343 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | ||||
| CVE-2021-40334 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2024-11-21 | 8.6 High |
| Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | ||||
| CVE-2021-40331 | 1 Apache | 1 Ranger | 2024-11-21 | 8.1 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | ||||
| CVE-2021-40330 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 7.5 High |
| git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | ||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||||
| CVE-2021-40324 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | ||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | ||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | ||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | ||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-11-21 | 7.5 High |
| A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. | ||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2024-11-21 | 8.1 High |
| htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | ||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. | ||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | ||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | ||||
| CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | ||||
| CVE-2021-40265 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| A heap overflow bug exists in FreeImage before 1.18.0 via the ofLoad function in PluginJPEG.cpp. | ||||
| CVE-2021-40263 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| A heap overflow vulnerability exists in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. | ||||
| CVE-2021-40222 | 1 Rittal | 2 Cmc Pu Iii 7030.000, Cmc Pu Iii 7030.000 Firmware | 2024-11-21 | 7.2 High |
| Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitize user input on Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received. | ||||