Export limit exceeded: 361558 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 84928 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84928 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37345 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | ||||
| CVE-2021-37343 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | ||||
| CVE-2021-37322 | 1 Gnu | 2 Binutils, Gcc | 2024-11-21 | 7.8 High |
| GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | ||||
| CVE-2021-37292 | 1 Kevinlab | 1 4st L-bems | 2024-11-21 | 7.2 High |
| An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control. | ||||
| CVE-2021-37289 | 1 Planex | 2 Mzk-dp150n, Mzk-dp150n Firmware | 2024-11-21 | 7.2 High |
| Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. | ||||
| CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2024-11-21 | 8.8 High |
| Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | ||||
| CVE-2021-37273 | 1 Chinatelecom | 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware | 2024-11-21 | 7.5 High |
| A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times. | ||||
| CVE-2021-37262 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 7.5 High |
| JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. | ||||
| CVE-2021-37254 | 1 M-files | 1 M-files Web | 2024-11-21 | 7.5 High |
| In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. | ||||
| CVE-2021-37253 | 1 M-files | 1 M-files Web | 2024-11-21 | 7.5 High |
| M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application | ||||
| CVE-2021-37221 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2024-11-21 | 8.8 High |
| A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | ||||
| CVE-2021-37219 | 1 Hashicorp | 1 Consul | 2024-11-21 | 8.8 High |
| HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. | ||||
| CVE-2021-37218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. | ||||
| CVE-2021-37214 | 1 Larvata | 1 Flygo | 2024-11-21 | 8.8 High |
| The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command. | ||||
| CVE-2021-37207 | 1 Siemens | 1 Sentron Powermanager 3 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | ||||
| CVE-2021-37206 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. | ||||
| CVE-2021-37203 | 1 Siemens | 2 Nx 1980, Solid Edge | 2024-11-21 | 7.1 High |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. | ||||
| CVE-2021-37202 | 1 Siemens | 2 Nx 1980, Solid Edge | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | ||||
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 7.7 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | ||||