Export limit exceeded: 363714 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43406 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVE-2021-43405 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVE-2021-43404 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVE-2021-43399 1 Yubico 1 Yubihsm 2 Software Development Kit 2024-11-21 7.5 High
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
CVE-2021-43397 1 Liquidfiles 1 Liquidfiles 2024-11-21 8.8 High
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVE-2021-43396 2 Gnu, Oracle 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-11-21 7.5 High
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
CVE-2021-43391 1 Opendesign 1 Drawings Software Development Kit 2024-11-21 7.8 High
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43390 1 Opendesign 1 Drawings Software Development Kit 2024-11-21 7.8 High
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43388 1 Unisys 1 Cargo Mobile 2024-11-21 7.5 High
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.
CVE-2021-43360 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
CVE-2021-43359 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVE-2021-43358 1 Sun 1 Ehrd 2024-11-21 7.5 High
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
CVE-2021-43339 1 Ericsson 1 Network Location 2024-11-21 8.8 High
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVE-2021-43336 2 Opendesign, Siemens 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more 2024-11-21 7.8 High
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43326 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
CVE-2021-43325 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 7.5 High
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43289 1 Thoughtworks 1 Gocd 2024-11-21 7.5 High
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
CVE-2021-43287 1 Thoughtworks 1 Gocd 2024-11-21 7.5 High
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
CVE-2021-43286 1 Thoughtworks 1 Gocd 2024-11-21 8.8 High
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.