Export limit exceeded: 363308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25309 1 Gigaset 2 Dx600a, Dx600a Firmware 2024-11-21 9.8 Critical
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.
CVE-2021-25306 1 Gigaset 2 Dx600a, Dx600a Firmware 2024-11-21 7.5 High
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.
CVE-2021-25299 1 Nagios 1 Nagios Xi 2024-11-21 6.1 Medium
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
CVE-2021-25295 1 Opencats 1 Opencats 2024-11-21 6.1 Medium
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
CVE-2021-25294 1 Opencats 1 Opencats 2024-11-21 9.8 Critical
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.
CVE-2021-25293 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVE-2021-25292 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 6.5 Medium
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVE-2021-25291 2 Python, Redhat 2 Pillow, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2021-25290 3 Debian, Python, Redhat 4 Debian Linux, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25289 2 Python, Redhat 2 Pillow, Quay 2024-11-21 9.8 Critical
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
CVE-2021-25288 3 Fedoraproject, Python, Redhat 3 Fedora, Pillow, Enterprise Linux 2024-11-21 9.1 Critical
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVE-2021-25287 3 Fedoraproject, Python, Redhat 3 Fedora, Pillow, Enterprise Linux 2024-11-21 9.1 Critical
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
CVE-2021-25284 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 4.4 Medium
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-25283 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 9.8 Critical
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
CVE-2021-25282 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 9.1 Critical
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
CVE-2021-25281 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 9.8 Critical
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
CVE-2021-25278 1 Ftapi 1 Ftapi 2024-11-21 4.8 Medium
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.
CVE-2021-25277 1 Ftapi 1 Ftapi 2024-11-21 6.1 Medium
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
CVE-2021-25276 1 Solarwinds 1 Serv-u 2024-11-21 7.1 High
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
CVE-2021-25275 1 Solarwinds 1 Orion Platform 2024-11-21 7.8 High
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.