Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. | ||||
| CVE-2021-20025 | 1 Sonicwall | 1 Email Security Virtual Appliance | 2024-11-21 | 7.8 High |
| SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall. | ||||
| CVE-2021-20024 | 1 Sonicwall | 8 Switch, Sws12-10fpoe, Sws12-8 and 5 more | 2024-11-21 | 8.1 High |
| Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | ||||
| CVE-2021-20020 | 1 Sonicwall | 1 Global Management System | 2024-11-21 | 9.8 Critical |
| A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | ||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.5 High |
| A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | ||||
| CVE-2021-20018 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2024-11-21 | 4.9 Medium |
| A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | ||||
| CVE-2021-20017 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2024-11-21 | 8.8 High |
| A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | ||||
| CVE-2021-20001 | 2 Debian, Skolelinux | 2 Debian Linux, Debian-edu-config | 2024-11-21 | 9.8 Critical |
| It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | ||||
| CVE-2021-1999 | 1 Oracle | 3 Enterprise Manager Ops Center, Hyperion Infrastructure Technology, Zfs Storage Appliance | 2024-11-21 | 5 Medium |
| Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N). | ||||
| CVE-2021-1998 | 4 Fedoraproject, Netapp, Oracle and 1 more | 10 Fedora, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 3.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). | ||||
| CVE-2021-1997 | 1 Oracle | 1 Hospitality Reporting And Analytics | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2021-1996 | 1 Oracle | 4 Agile Engineering Data Management, Hyperion Infrastructure Technology, Siebel Ui Framework and 1 more | 2024-11-21 | 2.4 Low |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2021-1995 | 1 Oracle | 1 Weblogic Server | 2024-11-21 | 6.5 Medium |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | ||||
| CVE-2021-1994 | 1 Oracle | 2 Enterprise Repository, Weblogic Server | 2024-11-21 | 9.8 Critical |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-1993 | 1 Oracle | 4 Database Server, Enterprise Manager Ops Center, Hyperion Infrastructure Technology and 1 more | 2024-11-21 | 4.8 Medium |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N). | ||||
| CVE-2021-1985 | 1 Qualcomm | 190 Apq8017, Apq8017 Firmware, Apq8053 and 187 more | 2024-11-21 | 8.4 High |
| Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | ||||
| CVE-2021-1984 | 1 Qualcomm | 190 Apq8017, Apq8017 Firmware, Apq8053 and 187 more | 2024-11-21 | 8.4 High |
| Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | ||||
| CVE-2021-1983 | 1 Qualcomm | 190 Apq8017, Apq8017 Firmware, Apq8053 and 187 more | 2024-11-21 | 8.4 High |
| Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | ||||
| CVE-2021-1982 | 1 Qualcomm | 144 Ar8035, Ar8035 Firmware, Qca6390 and 141 more | 2024-11-21 | 7.5 High |
| Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2021-1981 | 1 Qualcomm | 180 Apq8017, Apq8017 Firmware, Ar8035 and 177 more | 2024-11-21 | 7.5 High |
| Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||