Search

Search Results (364098 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28962 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.2 High
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVE-2021-28961 1 Openwrt 1 Openwrt 2024-11-21 8.8 High
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
CVE-2021-28960 1 Manageengine 1 Desktop Central 2024-11-21 9.8 Critical
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
CVE-2021-28959 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-11-21 9.8 Critical
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
CVE-2021-28958 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
CVE-2021-28956 1 Sass Lint Project 1 Sass Lint 2024-11-21 8.8 High
The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28955 1 Git-bug Project 1 Git-bug 2024-11-21 9.8 Critical
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
CVE-2021-28954 2 Bit Project, Microsoft 2 Bit, Windows 2024-11-21 7.8 High
In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.
CVE-2021-28953 1 C\/c\+\+ Advanced Lint Project 1 C\/c\+\+ Advanced Lint 2024-11-21 7.8 High
The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.
CVE-2021-28952 3 Fedoraproject, Linux, Netapp 11 Fedora, Linux Kernel, A250 and 8 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)
CVE-2021-28951 3 Fedoraproject, Linux, Netapp 11 Fedora, Linux Kernel, A250 and 8 more 2024-11-21 5.5 Medium
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.
CVE-2021-28950 4 Debian, Fedoraproject, Linux and 1 more 5 Debian Linux, Fedora, Linux Kernel and 2 more 2024-11-21 5.5 Medium
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
CVE-2021-28941 1 Magpierss Project 1 Magpierss 2024-11-21 5.3 Medium
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.
CVE-2021-28940 1 Magpierss Project 1 Magpierss 2024-11-21 9.8 Critical
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.
CVE-2021-28938 1 Siren 1 Federate 2024-11-21 4.3 Medium
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges.
CVE-2021-28937 1 Acexy 2 Wireless-n Wifi Repeater, Wireless-n Wifi Repeater Firmware 2024-11-21 7.5 High
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.
CVE-2021-28936 1 Acexy 2 Wireless-n Wifi Repeater, Wireless-n Wifi Repeater Firmware 2024-11-21 7.5 High
The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.
CVE-2021-28935 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
CVE-2021-28931 1 Fork-cms 1 Fork Cms 2024-11-21 8.8 High
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVE-2021-28927 2 Libretro, Microsoft 2 Retroarch, Windows 2024-11-21 7.8 High
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.