Export limit exceeded: 367103 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367103 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25216 4 Debian, Isc, Netapp and 1 more 23 Debian Linux, Bind, Active Iq Unified Manager and 20 more 2024-11-21 8.1 High
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.
CVE-2021-25215 7 Debian, Fedoraproject, Isc and 4 more 31 Debian Linux, Fedora, Bind and 28 more 2024-11-21 7.5 High
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
CVE-2021-25214 6 Debian, Fedoraproject, Isc and 3 more 25 Debian Linux, Fedora, Bind and 22 more 2024-11-21 6.5 Medium
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
CVE-2021-25213 1 Travel Management System Project 1 Travel Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
CVE-2021-25212 1 Alumni Management System Project 1 Alumni Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php.
CVE-2021-25211 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
CVE-2021-25210 1 Alumni Management System Project 1 Alumni Management System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.
CVE-2021-25209 1 Theme Park Ticketing System Project 1 Theme Park Ticketing System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php .
CVE-2021-25208 1 Travel Management System Project 1 Travel Management System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
CVE-2021-25207 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
CVE-2021-25206 1 Responsive Ordering System Project 1 Responsive Ordering System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVE-2021-25205 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php .
CVE-2021-25204 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
CVE-2021-25203 1 Victor Cms Project 1 Victor Cms 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2021-25202 1 Sales And Inventory System Project 1 Sales And Inventory System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php.
CVE-2021-25201 1 Learning Management System Project 1 Learning Management System 2024-11-21 7.5 High
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
CVE-2021-25200 1 Learning Management System Project 1 Learning Management System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
CVE-2021-25197 1 Content Management System Project 1 Content Management System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php
CVE-2021-25195 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25179 1 Solarwinds 1 Serv-u File Server 2024-11-21 6.1 Medium
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.