Export limit exceeded: 363714 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85697 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | ||||
| CVE-2021-43405 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | ||||
| CVE-2021-43404 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-11-21 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
| CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 8.8 High |
| LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | ||||
| CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-11-21 | 7.5 High |
| In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. | ||||
| CVE-2021-43391 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43390 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 7.5 High |
| Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | ||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | ||||
| CVE-2021-43339 | 1 Ericsson | 1 Network Location | 2024-11-21 | 8.8 High |
| In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. | ||||
| CVE-2021-43336 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43326 | 2 Automox, Microsoft | 2 Automox, Windows | 2024-11-21 | 7.8 High |
| Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | ||||
| CVE-2021-43325 | 2 Automox, Microsoft | 2 Automox, Windows | 2024-11-21 | 7.8 High |
| Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | ||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | ||||
| CVE-2021-43289 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 7.5 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. | ||||
| CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 7.5 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | ||||
| CVE-2021-43286 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 8.8 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. | ||||