Search Results (364348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44245 1 Covid 19 Testing Management System Project 1 Covid 19 Testing Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.
CVE-2021-44244 1 Sourcecodester Logistic Hub Parcel\'s Management System Project 1 Sourcecodester Logistic Hub Parcel\'s Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.
CVE-2021-44238 1 Ayacms Project 1 Ayacms 2024-11-21 7.2 High
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
CVE-2021-44235 1 Sap 1 Netweaver Application Server Abap 2024-11-21 6.7 Medium
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.
CVE-2021-44234 1 Sap 1 Business One 2024-11-21 5.5 Medium
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
CVE-2021-44233 1 Sap 1 Access Control 2024-11-21 8.8 High
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.
CVE-2021-44232 1 Sap 1 Saf-t Framework 2024-11-21 7.7 High
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
CVE-2021-44231 1 Sap 2 Abap Platform, Netweaver Application Server Abap 2024-11-21 9.8 Critical
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2021-44230 2 Microsoft, Portswigger 2 Windows, Burp Suite 2024-11-21 6.5 Medium
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.
CVE-2021-44227 3 Debian, Gnu, Redhat 5 Debian Linux, Mailman, Enterprise Linux and 2 more 2024-11-21 8.8 High
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
CVE-2021-44226 2 Microsoft, Razer 2 Windows, Synapse 2024-11-21 7.3 High
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
CVE-2021-44225 3 Fedoraproject, Keepalived, Redhat 3 Fedora, Keepalived, Enterprise Linux 2024-11-21 5.4 Medium
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
CVE-2021-44224 7 Apache, Apple, Debian and 4 more 15 Http Server, Mac Os X, Macos and 12 more 2024-11-21 8.2 High
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-44223 1 Wordpress 1 Wordpress 2024-11-21 8.1 High
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
CVE-2021-44222 1 Siemens 1 Simatic Easie Core Package 2024-11-21 9.1 Critical
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
CVE-2021-44221 1 Siemens 1 Simatic Easie Core Package 2024-11-21 7.5 High
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system.
CVE-2021-44219 1 Gin-vue-admin Project 1 Gin-vue-admin 2024-11-21 9.8 Critical
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
CVE-2021-44217 1 Ericsson 1 Codechecker 2024-11-21 6.1 Medium
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
CVE-2021-44216 1 Northern.tech 1 Cfengine 2024-11-21 5.5 Medium
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.
CVE-2021-44215 1 Northern.tech 1 Cfengine 2024-11-21 5.5 Medium
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.