Export limit exceeded: 352846 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8343 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22030 | 1 Greenplum | 1 Greenplum | 2024-11-21 | 6.5 Medium |
| In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users | ||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | ||||
| CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 7.8 High |
| The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | ||||
| CVE-2021-21869 | 1 Codesys | 1 Codesys | 2024-11-21 | 7.8 High |
| An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21868 | 1 Codesys | 1 Codesys | 2024-11-21 | 7.8 High |
| An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21867 | 1 Codesys | 1 Codesys | 2024-11-21 | 7.8 High |
| An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21866 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21865 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21864 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21863 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21798 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. | ||||
| CVE-2021-21741 | 1 Zte | 2 Zxv10 M910, Zxv10 M910 Firmware | 2024-11-21 | 9.8 Critical |
| There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command. | ||||
| CVE-2021-21740 | 1 Zte | 2 Zxhn H2640, Zxhn H2640 Firmware | 2024-11-21 | 2.4 Low |
| There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. | ||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-11-21 | 4.4 Medium |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | ||||
| CVE-2021-21695 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.8 High |
| FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||||
| CVE-2021-21691 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 9.8 Critical |
| Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||||
| CVE-2021-21687 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 9.1 Critical |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | ||||
| CVE-2021-21686 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.1 High |
| File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | ||||
| CVE-2021-21681 | 1 Jenkins | 1 Nomad | 2024-11-21 | 5.5 Medium |
| Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21677 | 1 Jenkins | 1 Code Coverage Api | 2024-11-21 | 8.8 High |
| Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | ||||