Export limit exceeded: 84175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31795 | 1 Pvrsrvkm.ko Project | 1 Pvrsrvkm.ko | 2024-11-21 | 7.0 High |
| The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. | ||||
| CVE-2021-31793 | 1 Nightowlsp | 2 Wdb-20, Wdb-20 Firmware | 2024-11-21 | 7.5 High |
| An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI. | ||||
| CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2024-11-21 | 7.5 High |
| In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | ||||
| CVE-2021-31784 | 2 Opendesign, Siemens | 2 Drawings Sdk, Comos | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2021-31783 | 1 Piwigo | 1 Localfiles Editor | 2024-11-21 | 7.5 High |
| show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | ||||
| CVE-2021-31780 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. | ||||
| CVE-2021-31776 | 2 Aviatrix, Microsoft | 2 Vpn Client, Windows | 2024-11-21 | 7.8 High |
| Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. | ||||
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2024-11-21 | 8.8 High |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | ||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | ||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | ||||
| CVE-2021-31745 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.5 High |
| Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. | ||||
| CVE-2021-31728 | 1 Malwarefox | 1 Antimalware | 2024-11-21 | 7.8 High |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges. | ||||
| CVE-2021-31727 | 1 Malwarefox | 1 Antimalware | 2024-11-21 | 7.8 High |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile. | ||||
| CVE-2021-31718 | 1 Npupnp Project | 1 Npupnp | 2024-11-21 | 8.8 High |
| The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. | ||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 7.5 High |
| Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. | ||||
| CVE-2021-31701 | 1 Mintty Project | 1 Mintty | 2024-11-21 | 7.5 High |
| Mintty before 3.4.7 mishandles Bracketed Paste Mode. | ||||
| CVE-2021-31684 | 3 Json-smart Project, Oracle, Redhat | 4 Json-smart-v1, Json-smart-v2, Utilities Framework and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. | ||||
| CVE-2021-31681 | 1 Ultralytics | 1 Yolov3 | 2024-11-21 | 7.8 High |
| Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | ||||
| CVE-2021-31680 | 1 Ultralytics | 1 Yolov5 | 2024-11-21 | 7.8 High |
| Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | ||||
| CVE-2021-31671 | 1 Pgsync Project | 1 Pgsync | 2024-11-21 | 7.5 High |
| pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used. | ||||