Search Results (80939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33894 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | 8.8 High |
| In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements. | ||||
| CVE-2021-33886 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-11-21 | 8.1 High |
| An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. | ||||
| CVE-2021-33879 | 1 Tencent | 1 Gameloop | 2024-11-21 | 8.1 High |
| Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. | ||||
| CVE-2021-33842 | 1 Circutor | 2 Sge-plc1000, Sge-plc1000 Firmware | 2024-11-21 | 8.8 High |
| Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located. | ||||
| CVE-2021-33840 | 1 Luca-app | 1 Luca | 2024-11-21 | 7.5 High |
| The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. | ||||
| CVE-2021-33839 | 1 Luca-app | 1 Luca | 2024-11-21 | 7.5 High |
| Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting. | ||||
| CVE-2021-33838 | 1 Luca-app | 1 Luca | 2024-11-21 | 7.5 High |
| Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration. | ||||
| CVE-2021-33834 | 1 Insyde | 2 H2offt, Iscflashx64.sys | 2024-11-21 | 7.1 High |
| An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash. | ||||
| CVE-2021-33828 | 1 Owncloud | 1 Files Antivirus | 2024-11-21 | 8.8 High |
| The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection. | ||||
| CVE-2021-33827 | 1 Owncloud | 1 Files Antivirus | 2024-11-21 | 7.2 High |
| The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | ||||
| CVE-2021-33824 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, causing the server to keep waiting for the packets that would complete the connection until its resources are exhausted. The result is a denial of service of the web server. | ||||
| CVE-2021-33823 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. The result is a denial of service of the web server. | ||||
| CVE-2021-33822 | 1 Sing4g | 2 4gee Router Hh70vb, 4gee Router Hh70vb Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, causing the server to keep waiting for the packets that would complete the connection until its resources are exhausted. The result is a denial of service of the web server. | ||||
| CVE-2021-33820 | 1 Ui | 2 Camera G3 Flex, Camera G3 Flex Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. The result is a denial of service of the web server. | ||||
| CVE-2021-33818 | 1 Ui | 2 Camera G3 Flex, Camera G3 Flex Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, causing the server to keep waiting for the packets that would complete the connection until its resources are exhausted. The result is a denial of service of the web server. | ||||
| CVE-2021-33815 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | ||||
| CVE-2021-33813 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Solr, Tika, Debian Linux and 7 more | 2024-11-21 | 7.5 High |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2021-33807 | 1 Gespage | 1 Gespage | 2024-11-21 | 7.5 High |
| Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | ||||
| CVE-2021-33800 | 1 Alibaba | 1 Druid | 2024-11-21 | 7.5 High |
| In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | ||||
| CVE-2021-33792 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 7.8 High |
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. | ||||