Search Results (363422 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33254 2 Embedthis, Linux 2 Appweb, Linux Kernel 2024-11-21 7.5 High
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
CVE-2021-33221 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
CVE-2021-33220 1 Commscope 1 Ruckus Iot Controller 2024-11-21 7.8 High
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
CVE-2021-33219 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVE-2021-33218 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVE-2021-33217 1 Commscope 1 Ruckus Iot Controller 2024-11-21 8.8 High
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
CVE-2021-33216 1 Commscope 1 Ruckus Iot Controller 2024-11-21 9.8 Critical
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
CVE-2021-33215 1 Commscope 1 Ruckus Iot Controller 2024-11-21 4.3 Medium
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.
CVE-2021-33214 1 Hms-networks 1 Ecatcher 2024-11-21 6.1 Medium
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
CVE-2021-33213 1 Element-it 1 Http Commander 2024-11-21 6.5 Medium
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.
CVE-2021-33212 1 Element-it 1 Http Commander 2024-11-21 5.4 Medium
A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.
CVE-2021-33211 1 Element-it 1 Http Commander 2024-11-21 6.5 Medium
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.
CVE-2021-33210 1 Fimer 1 Aurora Vision 2024-11-21 4.3 Medium
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
CVE-2021-33209 1 Fimer 1 Aurora Vision 2024-11-21 5.3 Medium
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.
CVE-2021-33208 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
CVE-2021-33207 1 Softwareag 1 Mashzone Nextgen 2024-11-21 9.8 Critical
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVE-2021-33205 1 Westerndigital 1 Edgerover 2024-11-21 8.8 High
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVE-2021-33204 1 Pgxn 1 Pg Partman 2024-11-21 9.8 Critical
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
CVE-2021-33203 3 Djangoproject, Fedoraproject, Redhat 5 Django, Fedora, Openstack and 2 more 2024-11-21 4.9 Medium
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
CVE-2021-33200 4 Fedoraproject, Linux, Netapp and 1 more 20 Fedora, Linux Kernel, Cloud Backup and 17 more 2024-11-21 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.