Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-32100 1 Artica 1 Pandora Fms 2024-11-21 6.5 Medium
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
CVE-2021-32099 1 Artica 1 Pandora Fms 2024-11-21 9.8 Critical
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
CVE-2021-32098 1 Artica 1 Pandora Fms 2024-11-21 9.8 Critical
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
CVE-2021-32096 1 Nsa 1 Emissary 2024-11-21 8.8 High
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
CVE-2021-32095 1 Nsa 1 Emissary 2024-11-21 8.1 High
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
CVE-2021-32094 1 Nsa 1 Emissary 2024-11-21 8.8 High
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
CVE-2021-32093 1 Nsa 1 Emissary 2024-11-21 6.5 Medium
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.
CVE-2021-32092 1 Nsa 1 Emissary 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.
CVE-2021-32091 1 Localstack 1 Localstack 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
CVE-2021-32090 1 Localstack 1 Localstack 2024-11-21 9.8 Critical
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
CVE-2021-32089 1 Zebra 2 Fx9500, Fx9500 Firmware 2024-11-21 9.8 Critical
An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-32078 1 Linux 1 Linux Kernel 2024-11-21 7.1 High
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
CVE-2021-32077 1 Veritystream 1 Msow Solutions 2024-11-21 7.5 High
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
CVE-2021-32076 1 Solarwinds 1 Web Help Desk 2024-11-21 5.3 Medium
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVE-2021-32075 1 Re-logic 1 Terraria 2024-11-21 9.8 Critical
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
CVE-2021-32074 1 Hashicorp 1 Vault-action 2024-11-21 7.5 High
HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
CVE-2021-32073 1 Dedecms 1 Dedecms 2024-11-21 8.8 High
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-32072 1 Mitel 1 Micollab 2024-11-21 6.5 Medium
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.
CVE-2021-32071 1 Mitel 1 Micollab 2024-11-21 9.8 Critical
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
CVE-2021-32070 1 Mitel 1 Micollab 2024-11-21 5.4 Medium
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.