Export limit exceeded: 345464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25089 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36335 | 1 Dell | 1 Emc Cloud Link | 2024-11-21 | 4.3 Medium |
| Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server | ||||
| CVE-2021-36325 | 1 Dell | 566 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 563 more | 2024-11-21 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2021-36324 | 1 Dell | 566 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 563 more | 2024-11-21 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2021-36323 | 1 Dell | 566 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 563 more | 2024-11-21 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2021-36322 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2024-11-21 | 6.1 Medium |
| Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | ||||
| CVE-2021-36321 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2024-11-21 | 7.5 High |
| Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | ||||
| CVE-2021-36283 | 1 Dell | 170 Chengming 3990, Chengming 3990 Firmware, Chengming 3991 and 167 more | 2024-11-21 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2021-36192 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 5.2 Medium |
| An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. | ||||
| CVE-2021-36151 | 1 Apache | 1 Gobblin | 2024-11-21 | 5.5 Medium |
| In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | ||||
| CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.2 Medium |
| Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | ||||
| CVE-2021-36095 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | ||||
| CVE-2021-36091 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. | ||||
| CVE-2021-36044 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 7.5 High |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. | ||||
| CVE-2021-36042 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. | ||||
| CVE-2021-36041 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution. | ||||
| CVE-2021-36040 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution. | ||||
| CVE-2021-36038 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 Medium |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. | ||||
| CVE-2021-36035 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution. | ||||
| CVE-2021-36034 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||