Export limit exceeded: 17848 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20152 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | ||||
| CVE-2021-26724 | 1 Nozominetworks | 2 Central Management Control, Guardian | 2024-11-21 | 7.2 High |
| OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | ||||
| CVE-2021-26713 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 6.5 Medium |
| A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. | ||||
| CVE-2021-26709 | 1 D-link | 1 Dsl-320b-d1 | 2024-11-21 | 9.8 Critical |
| D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-26704 | 1 Eprints | 1 Eprints | 2024-11-21 | 8.8 High |
| EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. | ||||
| CVE-2021-26691 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Http Server, Debian Linux, Fedora and 7 more | 2024-11-21 | 9.8 Critical |
| In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | ||||
| CVE-2021-26684 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26683 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26681 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26680 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26679 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | ||||
| CVE-2021-26623 | 2 Bandisoft, Microsoft | 2 Bandizip, Windows | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | ||||
| CVE-2021-26616 | 1 Secuwiz | 1 Secuwayssl U | 2024-11-21 | 7.8 High |
| An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments. | ||||
| CVE-2021-26603 | 2 Bandisoft, Microsoft | 2 Ark Library, Windows | 2024-11-21 | 8.6 High |
| A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. | ||||
| CVE-2021-26543 | 1 Wayfair | 1 Git-parse | 2024-11-21 | 8.8 High |
| The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5. | ||||
| CVE-2021-26541 | 1 Gitlog Project | 1 Gitlog | 2024-11-21 | 9.8 Critical |
| The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. | ||||
| CVE-2021-26530 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
| The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
| CVE-2021-26529 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
| The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
| CVE-2021-26528 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
| The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||