Export limit exceeded: 80894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31605 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2024-11-21 | 7.5 High |
| furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. | ||||
| CVE-2021-31601 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 7.1 High |
| An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials. | ||||
| CVE-2021-31599 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | ||||
| CVE-2021-31598 | 2 Debian, Ezxml Project | 2 Debian Linux, Ezxml | 2024-11-21 | 7.5 High |
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. | ||||
| CVE-2021-31590 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 8.8 High |
| PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system. | ||||
| CVE-2021-31586 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 8.8 High |
| Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | ||||
| CVE-2021-31584 | 1 Sipwise | 1 Next Generation Communication Platform | 2024-11-21 | 8.8 High |
| Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | ||||
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 7.9 High |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||
| CVE-2021-31580 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 8.7 High |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||
| CVE-2021-31579 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 8.2 High |
| Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||
| CVE-2021-31576 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2024-11-21 | 7.5 High |
| In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. | ||||
| CVE-2021-31566 | 5 Debian, Fedoraproject, Libarchive and 2 more | 14 Debian Linux, Fedora, Libarchive and 11 more | 2024-11-21 | 7.8 High |
| An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | ||||
| CVE-2021-31559 | 1 Splunk | 1 Splunk | 2024-11-21 | 7.5 High |
| A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | ||||
| CVE-2021-31555 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length. | ||||
| CVE-2021-31542 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 6 Debian Linux, Django, Fedora and 3 more | 2024-11-21 | 7.5 High |
| In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | ||||
| CVE-2021-31540 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.1 High |
| Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration. | ||||
| CVE-2021-31538 | 1 Lancom-systems | 6 Lcos Fx, Uf-160, Uf-260 and 3 more | 2024-11-21 | 7.5 High |
| LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. | ||||
| CVE-2021-31523 | 1 Xscreensaver Project | 1 Xscreensaver | 2024-11-21 | 7.8 High |
| The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | ||||
| CVE-2021-31520 | 1 Trendmicro | 1 Im Security | 2024-11-21 | 8.1 High |
| A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface. | ||||
| CVE-2021-31519 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 7.3 High |
| An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||