Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363674 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.1 High |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | ||||
| CVE-2021-26963 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | ||||
| CVE-2021-26962 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | ||||
| CVE-2021-26961 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.8 High |
| A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | ||||
| CVE-2021-26960 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.8 High |
| A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | ||||
| CVE-2021-26958 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 8.8 High |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. | ||||
| CVE-2021-26957 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server. | ||||
| CVE-2021-26956 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value. | ||||
| CVE-2021-26955 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. | ||||
| CVE-2021-26954 | 1 Qwutils Project | 1 Qwutils | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop. | ||||
| CVE-2021-26953 | 1 Postscript Project | 1 Postscript | 2024-11-21 | 7.5 High |
| An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. | ||||
| CVE-2021-26952 | 1 Ms3d Project | 1 Ms3d | 2024-11-21 | 7.5 High |
| An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. | ||||
| CVE-2021-26951 | 1 Calamine Project | 1 Calamine | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get. | ||||
| CVE-2021-26948 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. | ||||
| CVE-2021-26947 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. | ||||
| CVE-2021-26945 | 1 Openexr | 1 Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | ||||
| CVE-2021-26943 | 1 Asus | 2 Ux360ca, Ux360ca Bios | 2024-11-21 | 8.2 High |
| The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). | ||||
| CVE-2021-26939 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 7.5 High |
| An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem | ||||
| CVE-2021-26938 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts | ||||
| CVE-2021-26936 | 1 Replaysorcery Project | 1 Replaysorcery | 2024-11-21 | 7.8 High |
| The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | ||||