Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367120 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3391 | 1 Mobileiron | 1 Mobile\@work | 2024-11-21 | 5.3 Medium |
| MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message | ||||
| CVE-2021-3384 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.3 Medium |
| A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | ||||
| CVE-2021-3382 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | ||||
| CVE-2021-3380 | 1 Height8tech | 1 H8 Ssrms | 2024-11-21 | 6.5 Medium |
| Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | ||||
| CVE-2021-3378 | 1 Fortilogger | 1 Fortilogger | 2024-11-21 | 9.8 Critical |
| FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. | ||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.8 High |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | ||||
| CVE-2021-3375 | 1 Atomisystems | 1 Activepresenter | 2024-11-21 | 9.8 Critical |
| ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. | ||||
| CVE-2021-3374 | 1 Rstudio | 1 Shiny Server | 2024-11-21 | 5.3 Medium |
| Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | ||||
| CVE-2021-3370 | 1 Douco | 1 Douphp | 2024-11-21 | 6.1 Medium |
| DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | ||||
| CVE-2021-3355 | 1 Lightcms Project | 1 Lightcms | 2024-11-21 | 5.4 Medium |
| A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. | ||||
| CVE-2021-3352 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 9.1 Critical |
| The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | ||||
| CVE-2021-3351 | 1 Openplcproject | 1 Openplc | 2024-11-21 | 5.4 Medium |
| OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. | ||||
| CVE-2021-3350 | 1 Delete Account Project | 1 Delete Account | 2024-11-21 | 6.1 Medium |
| deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter. | ||||
| CVE-2021-3349 | 1 Gnome | 1 Evolution | 2024-11-21 | 3.3 Low |
| GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior | ||||
| CVE-2021-3348 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. | ||||
| CVE-2021-3346 | 1 Nic | 1 Foris | 2024-11-21 | 9.8 Critical |
| Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | ||||
| CVE-2021-3345 | 2 Gnupg, Oracle | 2 Libgcrypt, Communications Billing And Revenue Management | 2024-11-21 | 7.8 High |
| _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | ||||
| CVE-2021-3344 | 1 Redhat | 3 Openshift, Openshift Builder, Openshift Container Platform | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | ||||
| CVE-2021-3342 | 1 Eprints | 1 Eprints | 2024-11-21 | 9.8 Critical |
| EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | ||||
| CVE-2021-3341 | 1 Dh2i | 2 Dxenterprise, Dxodyssey | 2024-11-21 | 7.5 High |
| A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. | ||||