Search Results (80310 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23270 | 1 Gargoyle-router | 1 Gargoyle | 2024-11-21 | 7.5 High |
| In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | ||||
| CVE-2021-23267 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 7.6 High |
| Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | ||||
| CVE-2021-23264 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 8.1 High |
| Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. | ||||
| CVE-2021-23246 | 1 Oppo | 2 Ace2, Coloros | 2024-11-21 | 7.5 High |
| In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | ||||
| CVE-2021-23244 | 1 Oppo | 1 Coloros | 2024-11-21 | 7.8 High |
| ColorOS pre-grants dangerous permissions to apps which are listed in a whitelist XML named default-grant-permissions. But some apps in the whitelist are not installed; an attacker can disguise an app with the same package name to obtain dangerous permissions. | ||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2024-11-21 | 7.8 High |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | ||||
| CVE-2021-23240 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Hci Management Node, Solidfire and 2 more | 2024-11-21 | 7.8 High |
| selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | ||||
| CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | ||||
| CVE-2021-23217 | 3 Linux, Microsoft, Nvidia | 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more | 2024-11-21 | 7.5 High |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. | ||||
| CVE-2021-23214 | 3 Fedoraproject, Postgresql, Redhat | 7 Fedora, Postgresql, Enterprise Linux and 4 more | 2024-11-21 | 8.1 High |
| When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | ||||
| CVE-2021-23206 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | ||||
| CVE-2021-23205 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 8.1 High |
| Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | ||||
| CVE-2021-23204 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 8.1 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). | ||||
| CVE-2021-23201 | 3 Linux, Microsoft, Nvidia | 37 Linux Kernel, Windows, Geforce Gtx 950 and 34 more | 2024-11-21 | 7.5 High |
| NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. | ||||
| CVE-2021-23193 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 8.1 High |
| Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions. | ||||
| CVE-2021-23192 | 2 Redhat, Samba | 4 Enterprise Linux, Rhel Eus, Storage and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | ||||
| CVE-2021-23191 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | ||||
| CVE-2021-23186 | 1 Odoo | 3 Odoo, Odoo Community, Odoo Enterprise | 2024-11-21 | 8.7 High |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | ||||
| CVE-2021-23180 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| A flaw was found in htmldoc in v1.9.12 and before. A NULL pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service. | ||||
| CVE-2021-23178 | 1 Odoo | 3 Odoo, Odoo Community, Odoo Enterprise | 2024-11-21 | 7.5 High |
| Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead. | ||||