Search Results (81040 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36235 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.8 High |
| An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. | ||||
| CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 8.8 High |
| Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | ||||
| CVE-2021-36231 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 8.8 High |
| Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | ||||
| CVE-2021-36230 | 1 Hashicorp | 1 Terraform | 2024-11-21 | 8.8 High |
| HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1. | ||||
| CVE-2021-36222 | 5 Debian, Mit, Netapp and 2 more | 8 Debian Linux, Kerberos 5, Active Iq Unified Manager and 5 more | 2024-11-21 | 7.5 High |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | ||||
| CVE-2021-36218 | 1 Skale | 1 Sgxwallet | 2024-11-21 | 7.5 High |
| An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and is not reproducible in the latest sgxwallet v1.77.0. | ||||
| CVE-2021-36216 | 1 Linecorp | 1 Line | 2024-11-21 | 7.8 High |
| LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. | ||||
| CVE-2021-36213 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1. | ||||
| CVE-2021-36207 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8.8 High |
| Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | ||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8.1 High |
| Under certain circumstances the session token is not cleared on logout. | ||||
| CVE-2021-36202 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8.4 High |
| Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0.2. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2021-36194 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | ||||
| CVE-2021-36186 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36185 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36184 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, users and database information via crafted HTTP requests. | ||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.4 High |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | ||||
| CVE-2021-36182 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36180 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.1 High |
| Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | ||||
| CVE-2021-36179 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. | ||||