Export limit exceeded: 85962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45458 1 Apache 1 Kylin 2024-11-21 7.5 High
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2021-45457 1 Apache 1 Kylin 2024-11-21 7.5 High
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2021-45454 1 Amperecomputing 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more 2024-11-21 7.5 High
Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.
CVE-2021-45451 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2024-11-21 7.5 High
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
CVE-2021-45445 1 Unisys 1 Clearpath Mcp Tcp\/ip Networking Services 2024-11-21 7.5 High
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
CVE-2021-45444 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.8 High
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2021-45442 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2024-11-21 7.1 High
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45441 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2024-11-21 7.8 High
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45440 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2024-11-21 7.8 High
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45419 1 Starcharge 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more 2024-11-21 8.8 High
Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.
CVE-2021-45418 1 Starcharge 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more 2024-11-21 8.8 High
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.
CVE-2021-45417 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more 11 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 7.8 High
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
CVE-2021-45406 1 Salonerp Project 1 Salonerp 2024-11-21 8.8 High
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
CVE-2021-45394 1 Html2pdf Project 1 Html2pdf 2024-11-21 8.8 High
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
CVE-2021-45392 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVE-2021-45391 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
CVE-2021-45379 1 Glewlwyd Project 1 Glewlwyd 2024-11-21 8.8 High
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVE-2021-45348 1 Attendance Management System Project 1 Attendance Management System 2024-11-21 7.5 High
An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).
CVE-2021-45347 1 Zzcms 1 Zzcms 2024-11-21 7.5 High
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
CVE-2021-45342 3 Debian, Fedoraproject, Librecad 3 Debian Linux, Fedora, Librecad 2024-11-21 7.8 High
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.