Export limit exceeded: 80920 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80920 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.8 High |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | ||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 8.8 High |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | ||||
| CVE-2021-33208 | 1 Softwareag | 1 Mashzone Nextgen | 2024-11-21 | 7.2 High |
| The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. | ||||
| CVE-2021-33205 | 1 Westerndigital | 1 Edgerover | 2024-11-21 | 8.8 High |
| Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. | ||||
| CVE-2021-33200 | 4 Fedoraproject, Linux, Netapp and 1 more | 20 Fedora, Linux Kernel, Cloud Backup and 17 more | 2024-11-21 | 7.8 High |
| kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | ||||
| CVE-2021-33198 | 2 Golang, Redhat | 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more | 2024-11-21 | 7.5 High |
| In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||||
| CVE-2021-33196 | 3 Debian, Golang, Redhat | 8 Debian Linux, Go, Devtools and 5 more | 2024-11-21 | 7.5 High |
| In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | ||||
| CVE-2021-33195 | 3 Golang, Netapp, Redhat | 12 Go, Cloud Insights Telegraf Agent, Advanced Cluster Security and 9 more | 2024-11-21 | 7.3 High |
| Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | ||||
| CVE-2021-33194 | 3 Fedoraproject, Golang, Redhat | 4 Fedora, Go, Logging and 1 more | 2024-11-21 | 7.5 High |
| golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | ||||
| CVE-2021-33186 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 7.5 High |
| SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-33185 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 7.5 High |
| SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-33184 | 1 Synology | 1 Download Station | 2024-11-21 | 7.7 High |
| Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2021-33183 | 1 Synology | 1 Docker | 2024-11-21 | 7.9 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2021-33180 | 1 Synology | 1 Media Server | 2024-11-21 | 7.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2021-33177 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries. | ||||
| CVE-2021-33176 | 1 Octavolabs | 1 Vernemq | 2024-11-21 | 7.5 High |
| VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | ||||
| CVE-2021-33175 | 1 Emqx | 1 Emq X Broker | 2024-11-21 | 7.5 High |
| EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | ||||
| CVE-2021-33164 | 1 Intel | 8 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 5 more | 2024-11-21 | 8.2 High |
| Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33118 | 1 Intel | 1 Serial Io Driver For Intel Nuc 11 Gen | 2024-11-21 | 7.8 High |
| Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33106 | 1 Intel | 1 Safestring Library | 2024-11-21 | 7.8 High |
| Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||