Export limit exceeded: 363654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27030 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 7.8 High |
| A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | ||||
| CVE-2021-27029 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 5.5 Medium |
| The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. | ||||
| CVE-2021-27028 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 7.8 High |
| A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. | ||||
| CVE-2021-27027 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 7.8 High |
| An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. | ||||
| CVE-2021-27026 | 1 Puppet | 3 Puppet, Puppet Connect, Puppet Enterprise | 2024-11-21 | 4.4 Medium |
| A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | ||||
| CVE-2021-27025 | 3 Fedoraproject, Puppet, Redhat | 8 Fedora, Puppet, Puppet Agent and 5 more | 2024-11-21 | 6.5 Medium |
| A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | ||||
| CVE-2021-27024 | 1 Puppet | 1 Continuous Delivery | 2024-11-21 | 8.1 High |
| A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0 | ||||
| CVE-2021-27023 | 3 Fedoraproject, Puppet, Redhat | 7 Fedora, Puppet Agent, Puppet Enterprise and 4 more | 2024-11-21 | 9.8 Critical |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | ||||
| CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-11-21 | 4.9 Medium |
| A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | ||||
| CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2024-11-21 | 8.8 High |
| A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | ||||
| CVE-2021-27020 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 8.8 High |
| Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | ||||
| CVE-2021-27019 | 1 Puppet | 2 Puppet Enterprise, Puppetdb | 2024-11-21 | 4.3 Medium |
| PuppetDB logging included potentially sensitive system information. | ||||
| CVE-2021-27018 | 1 Puppet | 1 Remediate | 2024-11-21 | 7.5 High |
| The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. | ||||
| CVE-2021-27007 | 1 Netapp | 1 Virtual Desktop Service | 2024-11-21 | 9.8 Critical |
| NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. | ||||
| CVE-2021-27006 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 4.4 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | ||||
| CVE-2021-27005 | 1 Netapp | 1 Ontap System Manager | 2024-11-21 | 7.5 High |
| Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | ||||
| CVE-2021-27004 | 1 Netapp | 1 Ontap System Manager | 2024-11-21 | 5.5 Medium |
| System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | ||||
| CVE-2021-27003 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 4.7 Medium |
| Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | ||||
| CVE-2021-27002 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | ||||
| CVE-2021-27001 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.5 Medium |
| Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | ||||