Export limit exceeded: 366574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23270 | 1 Gargoyle-router | 1 Gargoyle | 2024-11-21 | 7.5 High |
| In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | ||||
| CVE-2021-23267 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 7.6 High |
| Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | ||||
| CVE-2021-23266 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.3 Medium |
| An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. | ||||
| CVE-2021-23265 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 3.5 Low |
| A logged-in and authenticated user with a Reviewer Role may lock a content item. | ||||
| CVE-2021-23264 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 8.1 High |
| Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. | ||||
| CVE-2021-23263 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 5.9 Medium |
| Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). | ||||
| CVE-2021-23262 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.2 Medium |
| Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. | ||||
| CVE-2021-23261 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.5 Medium |
| Authenticated administrators may override the system configuration file and cause a denial of service. | ||||
| CVE-2021-23260 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 6.5 Medium |
| Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | ||||
| CVE-2021-23259 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.2 Medium |
| Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). | ||||
| CVE-2021-23258 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.2 Medium |
| Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE). | ||||
| CVE-2021-23253 | 1 Opera | 1 Opera Mini | 2024-11-21 | 5.3 Medium |
| Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. | ||||
| CVE-2021-23247 | 1 Oppo | 1 Quick App | 2024-11-21 | 9.8 Critical |
| A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine | ||||
| CVE-2021-23246 | 1 Oppo | 2 Ace2, Coloros | 2024-11-21 | 7.5 High |
| In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | ||||
| CVE-2021-23244 | 1 Oppo | 1 Coloros | 2024-11-21 | 7.8 High |
| ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | ||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2024-11-21 | 7.8 High |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | ||||
| CVE-2021-23242 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 5.3 Medium |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | ||||
| CVE-2021-23241 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 5.3 Medium |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | ||||
| CVE-2021-23240 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Hci Management Node, Solidfire and 2 more | 2024-11-21 | 7.8 High |
| selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | ||||
| CVE-2021-23239 | 5 Debian, Fedoraproject, Netapp and 2 more | 7 Debian Linux, Fedora, Cloud Backup and 4 more | 2024-11-21 | 2.5 Low |
| The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | ||||