Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26917 | 1 Bitmessage | 1 Pybitmessage | 2024-11-21 | 5.5 Medium |
| PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker | ||||
| CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.1 Medium |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | ||||
| CVE-2021-26915 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | ||||
| CVE-2021-26914 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | ||||
| CVE-2021-26913 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | ||||
| CVE-2021-26912 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | ||||
| CVE-2021-26911 | 2 Canarymail, Libmailcore | 2 Canary Mail, Mailcore2 | 2024-11-21 | 7.4 High |
| core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | ||||
| CVE-2021-26910 | 2 Debian, Firejail Project | 2 Debian Linux, Firejail | 2024-11-21 | 7.8 High |
| Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | ||||
| CVE-2021-26909 | 1 Automox | 1 Automox | 2024-11-21 | 3.7 Low |
| Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | ||||
| CVE-2021-26908 | 1 Automox | 1 Automox | 2024-11-21 | 3.3 Low |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | ||||
| CVE-2021-26906 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 5.9 Medium |
| An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. | ||||
| CVE-2021-26905 | 1 1password | 1 Scim Bridge | 2024-11-21 | 6.5 Medium |
| 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | ||||
| CVE-2021-26904 | 1 Isida | 1 Retriever | 2024-11-21 | 9.8 Critical |
| LMA ISIDA Retriever 5.2 allows SQL Injection. | ||||
| CVE-2021-26903 | 1 Isida | 1 Retriever | 2024-11-21 | 6.1 Medium |
| LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. | ||||
| CVE-2021-26902 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-26901 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-26900 | 1 Microsoft | 8 Windows 10, Windows 10 1809, Windows 10 1909 and 5 more | 2024-11-21 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2021-26899 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows UPnP Device Host Elevation of Privilege Vulnerability | ||||
| CVE-2021-26898 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-26897 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 9.8 Critical |
| Windows DNS Server Remote Code Execution Vulnerability | ||||