Search Results (363304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30463 1 Vestacp 1 Control Panel 2024-11-21 7.8 High
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.
CVE-2021-30462 1 Vestacp 1 Vesta Control Panel 2024-11-21 7.2 High
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.
CVE-2021-30461 1 Voipmonitor 1 Voipmonitor 2024-11-21 9.8 Critical
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
CVE-2021-30459 1 Jazzband 1 Django Debug Toolbar 2024-11-21 9.8 Critical
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
CVE-2021-30458 1 Wikimedia 1 Parsoid 2024-11-21 6.1 Medium
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.
CVE-2021-30457 1 Id-map Project 1 Id-map 2024-11-21 9.8 Critical
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.
CVE-2021-30456 1 Id-map Project 1 Id-map 2024-11-21 9.8 Critical
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.
CVE-2021-30455 1 Id-map Project 1 Id-map 2024-11-21 9.8 Critical
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.
CVE-2021-30454 1 Outer Cgi Project 1 Outer Cgi 2024-11-21 9.8 Critical
An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader.
CVE-2021-30361 1 Checkpoint 4 Gaia Os, Gaia Portal, Quantum Security Gateway and 1 more 2024-11-21 6.7 Medium
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
CVE-2021-30360 1 Checkpoint 1 Endpoint Security 2024-11-21 7.8 High
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
CVE-2021-30359 2 Checkpoint, Microsoft 3 Harmony Browse, Sandblast Agent For Browsers, Windows 2024-11-21 7.8 High
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
CVE-2021-30358 1 Checkpoint 1 Mobile Access Portal Agent 2024-11-21 7.2 High
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
CVE-2021-30357 1 Checkpoint 1 Ssl Network Extender 2024-11-21 5.3 Medium
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
CVE-2021-30356 1 Checkpoint 1 Identity Agent 2024-11-21 8.1 High
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
CVE-2021-30355 1 Amazon 2 Kindle, Kindle Firmware 2024-11-21 8.6 High
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
CVE-2021-30354 1 Amazon 2 Kindle, Kindle Firmware 2024-11-21 8.6 High
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
CVE-2021-30353 1 Qualcomm 220 Ar8031, Ar8031 Firmware, Ar8035 and 217 more 2024-11-21 7.5 High
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-30351 1 Qualcomm 392 Apq8009, Apq8009 Firmware, Apq8009w and 389 more 2024-11-21 9.8 Critical
An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-30350 1 Qualcomm 192 Aqt1000, Aqt1000 Firmware, Ar8035 and 189 more 2024-11-21 8.4 High
Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables