Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32578 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | ||||
| CVE-2021-32577 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. | ||||
| CVE-2021-32576 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | ||||
| CVE-2021-32575 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | ||||
| CVE-2021-32574 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1. | ||||
| CVE-2021-32573 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 4.8 Medium |
| The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website. | ||||
| CVE-2021-32572 | 1 Specotech | 1 Web Viewer | 2024-11-21 | 7.5 High |
| Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. | ||||
| CVE-2021-32571 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.9 Medium |
| In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | ||||
| CVE-2021-32570 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 4.9 Medium |
| In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. | ||||
| CVE-2021-32569 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 6.1 Medium |
| In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | ||||
| CVE-2021-32568 | 1 Mrdoc | 1 Mrdoc | 2024-11-21 | 7.8 High |
| mrdoc is vulnerable to Deserialization of Untrusted Data | ||||
| CVE-2021-32567 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||||
| CVE-2021-32566 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||||
| CVE-2021-32565 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 7.5 High |
| Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||||
| CVE-2021-32563 | 1 Xfce | 1 Thunar | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. | ||||
| CVE-2021-32561 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 6.1 Medium |
| OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. | ||||
| CVE-2021-32560 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 6.5 Medium |
| The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. | ||||
| CVE-2021-32558 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 7.5 High |
| An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur. | ||||
| CVE-2021-32557 | 1 Canonical | 1 Apport | 2024-11-21 | 5.2 Medium |
| It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | ||||
| CVE-2021-32556 | 1 Canonical | 1 Apport | 2024-11-21 | 3.8 Low |
| It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | ||||