Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41411 1 Redhat 1 Drools 2024-11-21 9.8 Critical
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVE-2021-41408 1 Voipmonitor 1 Voipmonitor 2024-11-21 9.8 Critical
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
CVE-2021-41403 1 Flatcore 1 Flatcore-cms 2024-11-21 9.8 Critical
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.
CVE-2021-41402 1 Flatcore 1 Flatcore-cms 2024-11-21 8.8 High
flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.
CVE-2021-41396 1 Live555 1 Live555 2024-11-21 7.5 High
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.
CVE-2021-41395 1 Goteleport 1 Teleport 2024-11-21 6.5 Medium
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVE-2021-41394 1 Goteleport 1 Teleport 2024-11-21 5.3 Medium
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41393 1 Goteleport 1 Teleport 2024-11-21 9.8 Critical
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41392 1 Boostnote 1 Boostnote 2024-11-21 9.8 Critical
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
CVE-2021-41391 1 Ericsson 1 Enterprise Content Management 2024-11-21 5.4 Medium
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
CVE-2021-41390 1 Ericsson 1 Enterprise Content Management 2024-11-21 8.0 High
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
CVE-2021-41388 2 Apple, Netskope 2 Macos, Netskope 2024-11-21 7.8 High
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
CVE-2021-41387 1 Seatd Project 1 Seatd 2024-11-21 8.8 High
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVE-2021-41385 1 Securonix 1 Snypr 2024-11-21 6.5 Medium
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF.
CVE-2021-41383 1 Netgear 2 R6020, R6020 Firmware 2024-11-21 7.2 High
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.
CVE-2021-41382 1 Plasticscm 1 Plastic Scm 2024-11-21 7.5 High
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
CVE-2021-41381 1 Payara 1 Micro Community 2024-11-21 7.5 High
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
CVE-2021-41380 1 Realvnc 1 Vnc Viewer 2024-11-21 6.5 Medium
RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering a user into connecting to a fake VNC Server. The VNC Viewer application they are using will then hang, until terminated, but no memory leak occurs - the resources are freed once the hung process is terminated and the resource usage is constant during the hang. Only the process that is connected to the fake Server is affected. This is an application bug, not a security issue
CVE-2021-41378 1 Microsoft 12 Windows 10, Windows 10 1809, Windows 10 1909 and 9 more 2024-11-21 7.8 High
Windows NTFS Remote Code Execution Vulnerability
CVE-2021-41377 1 Microsoft 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more 2024-11-21 7.8 High
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability