Export limit exceeded: 365340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33530 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2024-11-21 8.8 High
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.
CVE-2021-33529 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2024-11-21 7.5 High
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.
CVE-2021-33528 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2024-11-21 8.8 High
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2021-33527 1 Mbconnectline 1 Mbdialup 2024-11-21 9.8 Critical
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
CVE-2021-33526 1 Mbconnectline 1 Mbdialup 2024-11-21 7.8 High
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
CVE-2021-33525 1 Eyesofnetwork 1 Eyesofnetwork 2024-11-21 8.8 High
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
CVE-2021-33523 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
CVE-2021-33516 2 Gnome, Redhat 3 Gupnp, Enterprise Linux, Rhel Eus 2024-11-21 8.1 High
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
CVE-2021-33515 4 Debian, Dovecot, Fedoraproject and 1 more 4 Debian Linux, Dovecot, Fedora and 1 more 2024-11-21 4.8 Medium
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVE-2021-33514 1 Netgear 34 Gc108p, Gc108p Firmware, Gc108pp and 31 more 2024-11-21 8.8 High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3.
CVE-2021-33513 1 Plone 1 Plone 2024-11-21 5.4 Medium
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
CVE-2021-33512 1 Plone 1 Plone 2024-11-21 5.4 Medium
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
CVE-2021-33511 1 Plone 1 Plone 2024-11-21 7.5 High
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
CVE-2021-33510 1 Plone 1 Plone 2024-11-21 4.3 Medium
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
CVE-2021-33509 1 Plone 1 Plone 2024-11-21 9.9 Critical
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
CVE-2021-33508 1 Plone 1 Plone 2024-11-21 5.4 Medium
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
CVE-2021-33507 2 Plone, Zope 2 Plone, Zope 2024-11-21 6.1 Medium
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVE-2021-33506 1 8x8 1 Jitsi Meet 2024-11-21 7.5 High
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
CVE-2021-33505 1 Falco 1 Falco 2024-11-21 7.8 High
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.
CVE-2021-33504 1 Couchbase 1 Couchbase Server 2024-11-21 4.9 Medium
Couchbase Server before 7.1.0 has Incorrect Access Control.