Search Results (36866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3242 1 Duxcms Project 1 Duxcms 2024-11-21 9.8 Critical
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
CVE-2021-3239 1 E-learning System Project 1 E-learning System 2024-11-21 9.8 Critical
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
CVE-2021-3197 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 9.8 Critical
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
CVE-2021-3128 1 Asus 54 Rt-ac1750 B1, Rt-ac1750 B1 Firmware, Rt-ac1900 and 51 more 2024-11-21 7.5 High
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
CVE-2021-3125 1 Tp-link 12 Tl-xdr1850, Tl-xdr1850 Firmware, Tl-xdr1860 and 9 more 2024-11-21 7.5 High
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
CVE-2021-3118 1 Medicalexpo 1 Ecs Imaging 2024-11-21 9.8 Critical
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-3110 1 Prestashop 1 Prestashop 2024-11-21 9.8 Critical
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
CVE-2021-3045 1 Paloaltonetworks 1 Pan-os 2024-11-21 4.9 Medium
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.
CVE-2021-3025 1 Invisioncommunity 1 Ips Community Suite 2024-11-21 8.8 High
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
CVE-2021-3021 1 Ispconfig 1 Ispconfig 2024-11-21 9.8 Critical
ISPConfig before 3.2.2 allows SQL injection.
CVE-2021-3018 1 Ipeak 1 Ipeakcms 2024-11-21 9.8 Critical
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
CVE-2021-39978 1 Huawei 1 Harmonyos 2024-11-21 7.5 High
Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues.
CVE-2021-39945 1 Gitlab 1 Gitlab 2024-11-21 2.7 Low
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked
CVE-2021-39943 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call
CVE-2021-39936 1 Gitlab 1 Gitlab 2024-11-21 3.5 Low
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
CVE-2021-39930 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
CVE-2021-39924 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-11-21 7.5 High
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39923 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 7.5 High
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39918 1 Gitlab 1 Gitlab 2024-11-21 3.1 Low
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed.
CVE-2021-39902 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.