Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33218 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVE-2021-33217 1 Commscope 1 Ruckus Iot Controller 2024-11-21 8.8 High
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
CVE-2021-33216 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
CVE-2021-33215 1 Commscope 1 Ruckus Iot Controller 2024-11-21 4.3 Medium
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.
CVE-2021-33214 1 Hms-networks 1 Ecatcher 2024-11-21 6.1 Medium
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
CVE-2021-33213 1 Element-it 1 Http Commander 2024-11-21 6.5 Medium
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.
CVE-2021-33212 1 Element-it 1 Http Commander 2024-11-21 5.4 Medium
A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.
CVE-2021-33211 1 Element-it 1 Http Commander 2024-11-21 6.5 Medium
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.
CVE-2021-33210 1 Fimer 1 Aurora Vision 2024-11-21 4.3 Medium
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
CVE-2021-33209 1 Fimer 1 Aurora Vision 2024-11-21 5.3 Medium
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.
CVE-2021-33208 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
CVE-2021-33207 1 Softwareag 1 Mashzone Nextgen 2024-11-21 9.8 Critical
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVE-2021-33205 1 Westerndigital 1 Edgerover 2024-11-21 8.8 High
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVE-2021-33204 1 Pgxn 1 Pg Partman 2024-11-21 9.8 Critical
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
CVE-2021-33203 3 Djangoproject, Fedoraproject, Redhat 5 Django, Fedora, Openstack and 2 more 2024-11-21 4.9 Medium
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
CVE-2021-33200 4 Fedoraproject, Linux, Netapp and 1 more 20 Fedora, Linux Kernel, Cloud Backup and 17 more 2024-11-21 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-33199 1 Expressionengine 1 Expressionengine 2024-11-21 9.8 Critical
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
CVE-2021-33198 2 Golang, Redhat 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more 2024-11-21 7.5 High
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-33197 2 Golang, Redhat 11 Go, Advanced Cluster Security, Container Native Virtualization and 8 more 2024-11-21 5.3 Medium
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
CVE-2021-33196 3 Debian, Golang, Redhat 8 Debian Linux, Go, Devtools and 5 more 2024-11-21 7.5 High
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.