Search Results (80841 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30130 | 2 Debian, Phpseclib | 2 Debian Linux, Phpseclib | 2024-11-21 | 7.5 High |
| phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | ||||
| CVE-2021-30127 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2024-11-21 | 7.3 High |
| TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. | ||||
| CVE-2021-30123 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | ||||
| CVE-2021-30110 | 1 Greyware | 1 Domain Time Ii | 2024-11-21 | 7.5 High |
| dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates. | ||||
| CVE-2021-30081 | 1 Emlog | 1 Emlog | 2024-11-21 | 8.8 High |
| An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page. | ||||
| CVE-2021-30070 | 1 Hestiacp | 1 Hestiacp | 2024-11-21 | 7.5 High |
| An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager. | ||||
| CVE-2021-30065 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx/tx, Eagle 20 Tofino 943 987-501-tx/tx Firmware, Eagle 20 Tofino 943 987-502 -tx/mm and 23 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. | ||||
| CVE-2021-30063 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx/tx, Eagle 20 Tofino 943 987-501-tx/tx Firmware, Eagle 20 Tofino 943 987-502 -tx/mm and 19 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | ||||
| CVE-2021-30062 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx/tx, Eagle 20 Tofino 943 987-501-tx/tx Firmware, Eagle 20 Tofino 943 987-502 -tx/mm and 19 more | 2024-11-21 | 7.5 High |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | ||||
| CVE-2021-30055 | 1 Eng | 1 Knowage | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. | ||||
| CVE-2021-30047 | 1 Vsftpd Project | 1 Vsftpd | 2024-11-21 | 7.5 High |
| VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | ||||
| CVE-2021-30028 | 1 Sooteway Wi-fi Range Extender Project | 1 Sooteway Wi-fi Range Extender | 2024-11-21 | 7.2 High |
| SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. | ||||
| CVE-2021-30006 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. | ||||
| CVE-2021-30005 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 7.8 High |
| In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. | ||||
| CVE-2021-2485 | 1 Oracle | 1 Trade Management | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2484 | 1 Oracle | 1 Operations Intelligence | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Operations Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Operations Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle Operations Intelligence accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2483 | 1 Oracle | 1 Content Manager | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Content Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Content Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Content Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2482 | 1 Oracle | 1 Payables | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: Invoice Approvals). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2474 | 1 Oracle | 1 Web Analytics | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-2464 | 1 Oracle | 2 Engineered Systems Utilities, Linux | 2024-11-21 | 7.8 High |
| Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||