Export limit exceeded: 351703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81019 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35331 | 1 Tcl | 1 Tcl | 2024-11-21 | 7.8 High |
| In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding | ||||
| CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | ||||
| CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2021-35312 | 1 Gestionaleamica | 1 Amica Prodigy | 2024-11-21 | 7.8 High |
| A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges. | ||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | 7.5 High |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | ||||
| CVE-2021-35299 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | ||||
| CVE-2021-35297 | 1 Scalabium | 1 Dbase Viewer | 2024-11-21 | 7.8 High |
| Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. | ||||
| CVE-2021-35269 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | ||||
| CVE-2021-35267 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. | ||||
| CVE-2021-35266 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. | ||||
| CVE-2021-35254 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 8.2 High |
| SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | ||||
| CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 7.5 High |
| A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | ||||
| CVE-2021-35245 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2024-11-21 | 8.4 High |
| When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | ||||
| CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 8.3 High |
| Serv-U server responds with valid CSRFToken when the request contains only Session. | ||||
| CVE-2021-35239 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.5 High |
| A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | ||||
| CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8 High |
| Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. | ||||
| CVE-2021-35223 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 8.5 High |
| The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. | ||||
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 8 High |
| This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||
| CVE-2021-35220 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.1 High |
| Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||
| CVE-2021-35218 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 8.9 High |
| Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server | ||||