Export limit exceeded: 29887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46419 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2024-11-21 | 9.1 Critical |
| An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. | ||||
| CVE-2021-46418 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2024-11-21 | 7.5 High |
| An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | ||||
| CVE-2021-46270 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 2.7 Low |
| JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | ||||
| CVE-2021-46167 | 1 Wizplat | 2 Pd065, Pd065 Firmware | 2024-11-21 | 7.8 High |
| An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | ||||
| CVE-2021-45896 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-11-21 | 8.8 High |
| Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | ||||
| CVE-2021-45730 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6 Medium |
| JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | ||||
| CVE-2021-45338 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.8 High |
| Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. | ||||
| CVE-2021-45289 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. | ||||
| CVE-2021-45115 | 3 Djangoproject, Fedoraproject, Redhat | 4 Django, Fedora, Satellite and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | ||||
| CVE-2021-45092 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 9.8 Critical |
| Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | ||||
| CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 4.3 Medium |
| Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | ||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 5.2 Medium |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | ||||
| CVE-2021-45074 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 4.3 Medium |
| JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. | ||||
| CVE-2021-44903 | 1 Msi | 1 Center Pro | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44901 | 1 Msi | 1 Dragon Center | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44900 | 1 Msi | 1 App Player | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44899 | 1 Msi | 1 Center | 2024-11-21 | 7.8 High |
| Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | ||||
| CVE-2021-44886 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.3 Medium |
| In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. | ||||
| CVE-2021-44877 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-11-21 | 7.5 High |
| Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed. | ||||
| CVE-2021-44852 | 1 Biostar | 1 Racing Gt Evo | 2024-11-21 | 7.8 High |
| An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000. | ||||