Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365292 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2024-11-21 | 7.2 High |
| Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2021-20080 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | ||||
| CVE-2021-20079 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.7 Medium |
| Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | ||||
| CVE-2021-20078 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.1 Critical |
| Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. | ||||
| CVE-2021-20077 | 1 Tenable | 1 Nessus Agent | 2024-11-21 | 6.7 Medium |
| Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. | ||||
| CVE-2021-20076 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 8.8 High |
| Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | ||||
| CVE-2021-20075 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 7.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | ||||
| CVE-2021-20074 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 8.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | ||||
| CVE-2021-20073 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 8.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | ||||
| CVE-2021-20072 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 7.2 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. | ||||
| CVE-2021-20071 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 4.8 Medium |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. | ||||
| CVE-2021-20070 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 4.8 Medium |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. | ||||
| CVE-2021-20069 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 4.8 Medium |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. | ||||
| CVE-2021-20068 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 4.8 Medium |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. | ||||
| CVE-2021-20067 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 5.3 Medium |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. | ||||
| CVE-2021-20066 | 1 Jsdom Project | 1 Jsdom | 2024-11-21 | 5.6 Medium |
| JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. | ||||
| CVE-2021-20051 | 1 Sonicwall | 1 Global Vpn Client | 2024-11-21 | 7.8 High |
| SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. | ||||
| CVE-2021-20050 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2024-11-21 | 7.5 High |
| An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | ||||
| CVE-2021-20049 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2024-11-21 | 7.5 High |
| A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | ||||
| CVE-2021-20048 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2024-11-21 | 8.8 High |
| A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | ||||