Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42811 1 Thalesgroup 1 Safenet Keysecure 2024-11-21 3.3 Low
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.
CVE-2021-42810 1 Thalesgroup 1 Safenet Authentication Service Remote Desktop Gateway 2024-11-21 7.8 High
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
CVE-2021-42809 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2024-11-21 6.5 Medium
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
CVE-2021-42808 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2024-11-21 6.5 Medium
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
CVE-2021-42797 1 Aveva 1 Edge 2024-11-21 7.5 High
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
CVE-2021-42796 1 Aveva 1 Edge 2024-11-21 9.8 Critical
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
CVE-2021-42794 1 Aveva 1 Edge 2024-11-21 5.3 Medium
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
CVE-2021-42791 1 Veridiumid 1 Veridiumad 2024-11-21 7.3 High
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.
CVE-2021-42787 1 Riverbed 1 Steelcentral Appinternals Dynamic Sampling Agent 2024-11-21 9.4 Critical
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
CVE-2021-42786 1 Riverbed 1 Steelcentral Appinternals Dynamic Sampling Agent 2024-11-21 9.8 Critical
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.
CVE-2021-42785 1 Tightvnc 1 Tightvnc 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
CVE-2021-42784 1 Dlink 2 Dwr-932c, Dwr-932c E1 Firmware 2024-11-21 9.8 Critical
OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.
CVE-2021-42783 1 Dlink 2 Dwr-932c, Dwr-932c E1 Firmware 2024-11-21 9.8 Critical
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
CVE-2021-42776 1 Cloverdx 1 Cloverdx 2024-11-21 7.7 High
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.
CVE-2021-42775 1 Broadcom 1 Emulex Hba Manager 2024-11-21 9.1 Critical
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
CVE-2021-42774 1 Broadcom 1 Emulex Hba Manager 2024-11-21 9.8 Critical
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
CVE-2021-42773 1 Broadcom 1 Emulex Hba Manager 2024-11-21 7.5 High
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
CVE-2021-42772 1 Broadcom 2 Emulex Hba Manager, One Command Manager 2024-11-21 9.8 Critical
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated
CVE-2021-42771 3 Debian, Pocoo, Redhat 4 Debian Linux, Babel, Enterprise Linux and 1 more 2024-11-21 7.8 High
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
CVE-2021-42770 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.