Search Results (80659 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27018 | 1 Puppet | 1 Remediate | 2024-11-21 | 7.5 High |
| The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. | ||||
| CVE-2021-27005 | 1 Netapp | 1 Ontap System Manager | 2024-11-21 | 7.5 High |
| Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | ||||
| CVE-2021-27002 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | ||||
| CVE-2021-26996 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 7.5 High |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. | ||||
| CVE-2021-26995 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 8.8 High |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. | ||||
| CVE-2021-26992 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | ||||
| CVE-2021-26991 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | ||||
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.1 High |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | ||||
| CVE-2021-26963 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | ||||
| CVE-2021-26962 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | ||||
| CVE-2021-26961 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.8 High |
| A remote unauthenticated cross-site request forgery (CSRF) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | ||||
| CVE-2021-26960 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.8 High |
| A remote unauthenticated cross-site request forgery (CSRF) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | ||||
| CVE-2021-26958 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 8.8 High |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. | ||||
| CVE-2021-26953 | 1 Postscript Project | 1 Postscript | 2024-11-21 | 7.5 High |
| An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. | ||||
| CVE-2021-26952 | 1 Ms3d Project | 1 Ms3d | 2024-11-21 | 7.5 High |
| An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. | ||||
| CVE-2021-26948 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. | ||||
| CVE-2021-26943 | 1 Asus | 2 Ux360ca, Ux360ca Bios | 2024-11-21 | 8.2 High |
| The UX360CA BIOS through 303 on ASUS laptops allows an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). | ||||
| CVE-2021-26939 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 7.5 High |
| An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem. | ||||
| CVE-2021-26936 | 1 Replaysorcery Project | 1 Replaysorcery | 2024-11-21 | 7.8 High |
| The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | ||||
| CVE-2021-26935 | 1 Wowonder | 1 Wowonder | 2024-11-21 | 7.5 High |
| In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. | ||||