Export limit exceeded: 364863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-23247 1 Oppo 1 Quick App 2024-11-21 9.8 Critical
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
CVE-2021-23246 1 Oppo 2 Ace2, Coloros 2024-11-21 7.5 High
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
CVE-2021-23244 1 Oppo 1 Coloros 2024-11-21 7.8 High
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
CVE-2021-23243 2 Google, Oppo 36 Android, Oppo A12, Oppo A15 and 33 more 2024-11-21 7.8 High
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
CVE-2021-23242 1 Mercusys 2 Mercury X18g, Mercury X18g Firmware 2024-11-21 5.3 Medium
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.
CVE-2021-23241 1 Mercusys 2 Mercury X18g, Mercury X18g Firmware 2024-11-21 5.3 Medium
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
CVE-2021-23240 4 Fedoraproject, Netapp, Redhat and 1 more 5 Fedora, Hci Management Node, Solidfire and 2 more 2024-11-21 7.8 High
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
CVE-2021-23239 5 Debian, Fedoraproject, Netapp and 2 more 7 Debian Linux, Fedora, Cloud Backup and 4 more 2024-11-21 2.5 Low
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVE-2021-23230 1 Gallagher 1 Command Centre 2024-11-21 9.9 Critical
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
CVE-2021-23228 1 Deltaww 1 Diaenergie 2024-11-21 7.5 High
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
CVE-2021-23225 2 Cacti, Debian 2 Cacti, Debian Linux 2024-11-21 5.4 Medium
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
CVE-2021-23222 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Software Collections 2024-11-21 5.9 Medium
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2021-23219 3 Linux, Microsoft, Nvidia 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more 2024-11-21 4.1 Medium
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.
CVE-2021-23218 1 Mirantis 1 Mirantis Container Runtime 2024-11-21 5.3 Medium
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
CVE-2021-23217 3 Linux, Microsoft, Nvidia 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more 2024-11-21 7.5 High
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
CVE-2021-23215 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2024-11-21 5.5 Medium
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2021-23214 3 Fedoraproject, Postgresql, Redhat 7 Fedora, Postgresql, Enterprise Linux and 4 more 2024-11-21 8.1 High
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CVE-2021-23211 1 Gallagher 1 Command Centre 2024-11-21 6 Medium
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
CVE-2021-23206 1 Htmldoc Project 1 Htmldoc 2024-11-21 7.8 High
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVE-2021-23205 1 Gallagher 1 Command Centre 2024-11-21 8.1 High
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.