Search Results (363351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27668 1 Hashicorp 1 Vault 2024-11-21 5.3 Medium
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
CVE-2021-27665 1 Johnsoncontrols 1 Exacqvision Server 2024-11-21 7.5 High
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
CVE-2021-27664 1 Johnsoncontrols 1 Exacqvision Web Service 2024-11-21 9.8 Critical
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
CVE-2021-27663 1 Johnsoncontrols 2 Ac2000, Ac2000 Firmware 2024-11-21 8.2 High
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
CVE-2021-27662 1 Johnsoncontrols 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware 2024-11-21 8.6 High
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01
CVE-2021-27661 1 Johnsoncontrols 2 F4-snc, F4-snc Firmware 2024-11-21 8.8 High
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.
CVE-2021-27660 1 Johnsoncontrols 2 C-cure 9000, C-cure 9000 Firmware 2024-11-21 8.8 High
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
CVE-2021-27659 1 Johnsoncontrols 1 Exacqvision Web Service 2024-11-21 5.3 Medium
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2021-27658 1 Johnsoncontrols 1 Exacqvision Enterprise Manager 2024-11-21 4.3 Medium
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2021-27657 1 Johnsoncontrols 1 Metasys 2024-11-21 8.8 High
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
CVE-2021-27656 1 Johnsoncontrols 1 Exacqvision Web Service 2024-11-21 5.3 Medium
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
CVE-2021-27654 1 Pega 1 Infinity 2024-11-21 7.8 High
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
CVE-2021-27653 1 Pega 1 Infinity 2024-11-21 6.6 Medium
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
CVE-2021-27651 1 Pega 1 Infinity 2024-11-21 9.8 Critical
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
CVE-2021-27648 1 Synology 1 Antivirus Essential 2024-11-21 9 Critical
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
CVE-2021-27644 1 Apache 1 Dolphinscheduler 2024-11-21 8.8 High
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
CVE-2021-27643 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-27642 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-27641 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-27640 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.