Export limit exceeded: 363719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26739 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter. | ||||
| CVE-2021-26737 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 5.5 Medium |
| The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. | ||||
| CVE-2021-26734 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 4.4 Medium |
| Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | ||||
| CVE-2021-26728 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | 10 Critical |
| Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | ||||
| CVE-2021-26725 | 1 Nozominetworks | 2 Central Management Control, Guardian | 2024-11-21 | 7.2 High |
| Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | ||||
| CVE-2021-26724 | 1 Nozominetworks | 2 Central Management Control, Guardian | 2024-11-21 | 7.2 High |
| OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | ||||
| CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 6.1 Medium |
| Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | ||||
| CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 6.1 Medium |
| LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | ||||
| CVE-2021-26720 | 2 Avahi, Debian | 2 Avahi, Debian Linux | 2024-11-21 | 7.8 High |
| avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. | ||||
| CVE-2021-26719 | 1 Gradle | 3 Enterprise Test Distribution Agent, Maven, Test Distribution | 2024-11-21 | 6.5 Medium |
| A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations. | ||||
| CVE-2021-26718 | 1 Kaspersky | 1 Internet Security | 2024-11-21 | 5.5 Medium |
| KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | ||||
| CVE-2021-26717 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 7.5 High |
| An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. | ||||
| CVE-2021-26716 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | 6.1 Medium |
| Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. | ||||
| CVE-2021-26715 | 1 Mitreid | 1 Connect | 2024-11-21 | 9.1 Critical |
| The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network. | ||||
| CVE-2021-26714 | 1 Mitel | 1 Micontact Center Enterprise | 2024-11-21 | 9.8 Critical |
| The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. | ||||
| CVE-2021-26713 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 6.5 Medium |
| A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. | ||||
| CVE-2021-26712 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 7.5 High |
| Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | ||||
| CVE-2021-26711 | 1 Redwood | 1 Report2web | 2024-11-21 | 5.3 Medium |
| A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter. | ||||
| CVE-2021-26710 | 1 Redwood | 1 Report2web | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | ||||