Export limit exceeded: 366088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35056 | 1 Unisys | 1 Stealth | 2024-11-21 | 6.7 Medium |
| Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | ||||
| CVE-2021-35055 | 1 Mediatek | 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more | 2024-11-21 | 8.2 High |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). | ||||
| CVE-2021-35054 | 1 Minecraft | 1 Minecraft | 2024-11-21 | 7.5 High |
| Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | ||||
| CVE-2021-35053 | 2 Kaspersky, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.5 High |
| Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | ||||
| CVE-2021-35052 | 1 Kaspersky | 1 Password Manager | 2024-11-21 | 7.8 High |
| A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | ||||
| CVE-2021-35050 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 6.5 Medium |
| User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | ||||
| CVE-2021-35049 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 9.9 Critical |
| Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | ||||
| CVE-2021-35048 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 9.8 Critical |
| Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | ||||
| CVE-2021-35047 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 9.9 Critical |
| Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | ||||
| CVE-2021-35046 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.1 Medium |
| A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | ||||
| CVE-2021-35045 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | ||||
| CVE-2021-35043 | 3 Antisamy Project, Netapp, Oracle | 11 Antisamy, Active Iq Unified Manager, Banking Enterprise Default Management and 8 more | 2024-11-21 | 6.1 Medium |
| OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character. | ||||
| CVE-2021-35042 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 9.8 Critical |
| Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | ||||
| CVE-2021-35041 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-11-21 | 7.5 High |
| The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 | ||||
| CVE-2021-35039 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. | ||||
| CVE-2021-35037 | 1 Jamf | 1 Jamf | 2024-11-21 | 6.1 Medium |
| Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822 | ||||
| CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2024-11-21 | 6.5 Medium |
| A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-35035 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2024-11-21 | 4.9 Medium |
| A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-35034 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2024-11-21 | 7.4 High |
| An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. | ||||
| CVE-2021-35033 | 1 Zyxel | 12 Nbg6818, Nbg6818 Firmware, Nbg7815 and 9 more | 2024-11-21 | 7.8 High |
| A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. | ||||