Search Results (10239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | ||||
| CVE-2021-44255 | 2 Motioneye Project, Motioneyeos Project | 2 Motioneye, Motioneyeos | 2024-11-21 | 7.2 High |
| Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server. | ||||
| CVE-2021-44238 | 1 Ayacms Project | 1 Ayacms | 2024-11-21 | 7.2 High |
| AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | ||||
| CVE-2021-44165 | 1 Siemens | 8 7kg9501-0aa01-0aa1, 7kg9501-0aa01-0aa1 Firmware, 7kg9501-0aa01-2aa1 and 5 more | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution. | ||||
| CVE-2021-44143 | 3 Debian, Fedoraproject, Isync Project | 3 Debian Linux, Fedora, Isync | 2024-11-21 | 9.8 Critical |
| A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. | ||||
| CVE-2021-44114 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. | ||||
| CVE-2021-44087 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | ||||
| CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 8.3 High |
| textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | ||||
| CVE-2021-44079 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 9.8 Critical |
| In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | ||||
| CVE-2021-44031 | 1 Quest | 1 Kace Desktop Authority | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}. | ||||
| CVE-2021-43947 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 7.2 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | ||||
| CVE-2021-43944 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 7.2 High |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | ||||
| CVE-2021-43907 | 1 Microsoft | 1 Windows Subsystem For Linux | 2024-11-21 | 9.8 Critical |
| Visual Studio Code WSL Extension Remote Code Execution Vulnerability | ||||
| CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | 9.8 Critical |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | ||||
| CVE-2021-43891 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-43889 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 7.2 High |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
| CVE-2021-43882 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 9 Critical |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
| CVE-2021-43875 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2021-43857 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 9.8 Critical |
| Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. | ||||
| CVE-2021-43844 | 1 Msedgeredirect Project | 1 Msedgeredirect | 2024-11-21 | 8.8 High |
| MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can do more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully guessed. In Scenario 2 (not yet confirmed), a user visits an attacker controlled webpage; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and a payload on a remote, attacker controlled, SMB server is executed. The issue was found in the _DecodeAndRun() function, in which I incorrectly assumed _WinAPI_UrlIs() would only accept web resources. Unfortunately, file:/// passes the default _WinAPI_UrlIs check(). File paths are now directly checked for and must fail. There is no currently known exploitation of this vulnerability in the wild. A patched version, 0.5.0.1, has been released that checks for and denies these crafted URLs. There are no workarounds for this issue. Users are advised not to accept any unexpected prompts from web pages. | ||||