Search Results (10122 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29472 | 3 Debian, Fedoraproject, Getcomposer | 3 Debian Linux, Fedora, Composer | 2024-11-21 | 8.8 High |
| Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue. | ||||
| CVE-2021-29465 | 1 Discord | 1 Discord-recon | 2024-11-21 | 8.3 High |
| Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrites important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `<` and `>` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4. | ||||
| CVE-2021-29461 | 1 Demon1a | 1 Discord-recon | 2024-11-21 | 8.1 High |
| Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch. | ||||
| CVE-2021-29393 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-11-21 | 9.8 Critical |
| Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters. | ||||
| CVE-2021-29302 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 8.1 High |
| TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. | ||||
| CVE-2021-29145 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 9.8 Critical |
| A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-28976 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 7.2 High |
| Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files. | ||||
| CVE-2021-28959 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. | ||||
| CVE-2021-28958 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | ||||
| CVE-2021-28580 | 2 Adobe, Oculus | 4 Medium, Rift, Rift S and 1 more | 2024-11-21 | 8.8 High |
| Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28482 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.8 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.8 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28477 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28476 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2024-11-21 | 9.9 Critical |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2021-28475 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28474 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28473 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28472 | 1 Microsoft | 1 Vscode-maven | 2024-11-21 | 7.8 High |
| Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | ||||