Search Results (364488 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-39301 1 Hp 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more 2024-11-21 8.8 High
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVE-2021-39300 1 Hp 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more 2024-11-21 8.8 High
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVE-2021-39299 1 Hp 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more 2024-11-21 8.8 High
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVE-2021-39297 1 Hp 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more 2024-11-21 8.8 High
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVE-2021-39296 1 Openbmc-project 1 Openbmc 2024-11-21 10.0 Critical
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
CVE-2021-39293 3 Golang, Netapp, Redhat 7 Go, Cloud Insights Telegraf, Advanced Cluster Security and 4 more 2024-11-21 7.5 High
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
CVE-2021-39291 1 Netmodule 16 Nb1600, Nb1601, Nb1800 and 13 more 2024-11-21 8.8 High
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-39290 1 Netmodule 16 Nb1600, Nb1601, Nb1800 and 13 more 2024-11-21 9.8 Critical
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-39289 1 Netmodule 16 Nb1600, Nb1601, Nb1800 and 13 more 2024-11-21 7.5 High
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-39286 1 Webrecorder 1 Pywb 2024-11-21 6.1 Medium
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
CVE-2021-39285 1 Versa-networks 1 Versa Director 2024-11-21 6.1 Medium
A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack.
CVE-2021-39283 1 Live555 1 Live555 2024-11-21 5.5 Medium
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVE-2021-39282 1 Live555 1 Live555 2024-11-21 7.5 High
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2021-39280 1 Korenix 12 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 9 more 2024-11-21 8.8 High
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
CVE-2021-39279 1 Moxa 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more 2024-11-21 8.8 High
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
CVE-2021-39278 1 Moxa 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more 2024-11-21 6.1 Medium
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
CVE-2021-39274 1 Xerosecurity 1 Sn1per 2024-11-21 9.8 Critical
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.
CVE-2021-39273 1 Xerosecurity 1 Sn1per 2024-11-21 8.8 High
In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.
CVE-2021-39272 3 Fedoraproject, Fetchmail, Redhat 3 Fedora, Fetchmail, Enterprise Linux 2024-11-21 5.9 Medium
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-39271 1 Bscw 1 Bscw Classic 2024-11-21 8.8 High
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.