Export limit exceeded: 363718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85699 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43412 1 Gnu 1 Hurd 2024-11-21 7.8 High
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
CVE-2021-43411 1 Gnu 1 Hurd 2024-11-21 7.5 High
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
CVE-2021-43406 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVE-2021-43405 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVE-2021-43404 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVE-2021-43399 1 Yubico 1 Yubihsm 2 Software Development Kit 2024-11-21 7.5 High
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
CVE-2021-43397 1 Liquidfiles 1 Liquidfiles 2024-11-21 8.8 High
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVE-2021-43396 2 Gnu, Oracle 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-11-21 7.5 High
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
CVE-2021-43391 1 Opendesign 1 Drawings Software Development Kit 2024-11-21 7.8 High
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43390 1 Opendesign 1 Drawings Software Development Kit 2024-11-21 7.8 High
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43388 1 Unisys 1 Cargo Mobile 2024-11-21 7.5 High
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.
CVE-2021-43360 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
CVE-2021-43359 1 Sun 1 Ehrd 2024-11-21 8.8 High
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVE-2021-43358 1 Sun 1 Ehrd 2024-11-21 7.5 High
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
CVE-2021-43339 1 Ericsson 1 Network Location 2024-11-21 8.8 High
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVE-2021-43336 2 Opendesign, Siemens 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more 2024-11-21 7.8 High
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43326 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
CVE-2021-43325 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 7.5 High
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43289 1 Thoughtworks 1 Gocd 2024-11-21 7.5 High
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.