Export limit exceeded: 17478 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40219 | 1 Bolt | 1 Bolt Cms | 2024-11-21 | 8.8 High |
| Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. | ||||
| CVE-2021-40189 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 7.2 High |
| PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code. | ||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | ||||
| CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | ||||
| CVE-2021-40146 | 1 Apache | 1 Any23 | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. | ||||
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | ||||
| CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | ||||
| CVE-2021-3943 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | ||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.4 High |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | ||||
| CVE-2021-3840 | 1 Lenovo | 1 Antilles | 2024-11-21 | 8.8 High |
| A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. | ||||
| CVE-2021-3832 | 1 Artica | 1 Integria Ims | 2024-11-21 | 9.8 Critical |
| Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. | ||||
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-11-21 | 9.8 Critical |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | ||||
| CVE-2021-3694 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.2 High |
| LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3693 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.8 High |
| LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3657 | 4 Debian, Fedoraproject, Isync Project and 1 more | 4 Debian Linux, Fedora, Isync and 1 more | 2024-11-21 | 9.8 Critical |
| A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | ||||
| CVE-2021-3584 | 2 Redhat, Theforeman | 4 Satellite, Satellite Capsule, Satellite Utils and 1 more | 2024-11-21 | 7.2 High |
| A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. | ||||
| CVE-2021-3578 | 3 Debian, Fedoraproject, Isync Project | 3 Debian Linux, Fedora, Isync | 2024-11-21 | 7.8 High |
| A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. | ||||
| CVE-2021-3577 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 8.8 High |
| An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | ||||
| CVE-2021-3570 | 4 Debian, Fedoraproject, Linuxptp Project and 1 more | 8 Debian Linux, Fedora, Linuxptp and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | ||||
| CVE-2021-3555 | 1 Eufylife | 4 Solo Indoorcam C24, Solo Indoorcam C24 Firmware, Solo Indoorcam P24 and 1 more | 2024-11-21 | 7.6 High |
| A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. | ||||