Export limit exceeded: 342070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26998 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 4.3 Medium |
| NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | ||||
| CVE-2021-26915 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | ||||
| CVE-2021-26914 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | ||||
| CVE-2021-26913 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | ||||
| CVE-2021-26912 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2024-11-21 | 8.1 High |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | ||||
| CVE-2021-26908 | 1 Automox | 1 Automox | 2024-11-21 | 3.3 Low |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | ||||
| CVE-2021-26889 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2021-26873 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7 High |
| Windows User Profile Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-26866 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-11-21 | 7.1 High |
| Windows Update Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-26862 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2021-26797 | 1 Hametech | 2 Hame Sd1 Wi-fi, Hame Sd1 Wi-fi Firmware | 2024-11-21 | 9.8 Critical |
| An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service. | ||||
| CVE-2021-26720 | 2 Avahi, Debian | 2 Avahi, Debian Linux | 2024-11-21 | 7.8 High |
| avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. | ||||
| CVE-2021-26558 | 1 Apache | 1 Shardingsphere-ui | 2024-11-21 | 7.5 High |
| Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. | ||||
| CVE-2021-26426 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 7 High |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | ||||
| CVE-2021-26425 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-26341 | 2 Amd, Redhat | 255 A10-9600p, A10-9600p Firmware, A10-9630p and 252 more | 2024-11-21 | 6.5 Medium |
| Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||||
| CVE-2021-26089 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.7 Medium |
| An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. | ||||
| CVE-2021-25923 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.1 High |
| In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. | ||||
| CVE-2021-25839 | 1 Minthcm | 1 Minthcm | 2024-11-21 | 9.8 Critical |
| A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. | ||||
| CVE-2021-25758 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.8 High |
| In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | ||||