Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3031 | 1 Paloaltonetworks | 14 Pa-200, Pa-2020, Pa-2050 and 11 more | 2024-11-21 | 4.3 Medium |
| Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. | ||||
| CVE-2021-3029 | 1 Evolucare | 1 Ecs Imaging | 2024-11-21 | 9.8 Critical |
| EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-3028 | 1 Git-big-picture Project | 1 Git-big-picture | 2024-11-21 | 9.8 Critical |
| git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. | ||||
| CVE-2021-3027 | 1 Librit | 1 Passhport | 2024-11-21 | 6.5 Medium |
| app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization. | ||||
| CVE-2021-3026 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 6.1 Medium |
| Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. | ||||
| CVE-2021-3025 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 8.8 High |
| Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | ||||
| CVE-2021-3024 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
| HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | ||||
| CVE-2021-3022 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021). | ||||
| CVE-2021-3021 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.8 Critical |
| ISPConfig before 3.2.2 allows SQL injection. | ||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2024-11-21 | 8.8 High |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | ||||
| CVE-2021-3019 | 1 Lanproxy Project | 1 Lanproxy | 2024-11-21 | 7.5 High |
| ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. | ||||
| CVE-2021-3018 | 1 Ipeak | 1 Ipeakcms | 2024-11-21 | 9.8 Critical |
| ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page. | ||||
| CVE-2021-3017 | 1 Intelbras | 4 Win 300, Win 300 Firmware, Wrn 342 and 1 more | 2024-11-21 | 7.5 High |
| The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. | ||||
| CVE-2021-3014 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.1 Medium |
| In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | ||||
| CVE-2021-3013 | 2 Microsoft, Ripgrep Project | 2 Windows, Ripgrep | 2024-11-21 | 9.8 Critical |
| ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | ||||
| CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | ||||
| CVE-2021-3011 | 4 Ftsafe, Google, Nxp and 1 more | 45 K13, K21, K40 and 42 more | 2024-11-21 | 4.2 Medium |
| An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF). | ||||
| CVE-2021-3010 | 1 Opentext | 1 Content Server | 2024-11-21 | 5.4 Medium |
| There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. | ||||
| CVE-2021-3007 | 2 Getlaminas, Zend | 2 Laminas-http, Zend Framework | 2024-11-21 | 9.8 Critical |
| Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized | ||||
| CVE-2021-3006 | 1 Seal Finance Project | 1 Seal Finance | 2024-11-21 | 7.5 High |
| The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021. | ||||