Export limit exceeded: 10710 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42560 | 1 Mitre | 1 Caldera | 2024-11-21 | 8.8 High |
| An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). | ||||
| CVE-2021-42545 | 1 Business-dnasolutions | 1 Topease | 2024-11-21 | 8.1 High |
| An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | ||||
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 8 High |
| The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | ||||
| CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2024-11-21 | 7.8 High |
| AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | ||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2021-42194 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 7.2 High |
| The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. | ||||
| CVE-2021-41847 | 1 3xlogic | 1 Infinias Access Control | 2024-11-21 | 8.8 High |
| An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. | ||||
| CVE-2021-41826 | 1 Place | 1 Placeos Authentication | 2024-11-21 | 6.1 Medium |
| PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. | ||||
| CVE-2021-41770 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 7.5 High |
| Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | ||||
| CVE-2021-41752 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.8 Critical |
| Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | ||||
| CVE-2021-41733 | 1 Oppia | 1 Oppia | 2024-11-21 | 6.1 Medium |
| Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. | ||||
| CVE-2021-41608 | 1 Classapps | 1 Selectsurvey.net | 2024-11-21 | 7.5 High |
| A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | ||||
| CVE-2021-41562 | 1 Snowsoftware | 1 Snow Inventory Agent | 2024-11-21 | 6.1 Medium |
| A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. | ||||
| CVE-2021-41500 | 2 Cvxopt Project, Fedoraproject | 2 Cvxopt, Fedora | 2024-11-21 | 7.5 High |
| Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. | ||||
| CVE-2021-41411 | 1 Redhat | 1 Drools | 2024-11-21 | 9.8 Critical |
| drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | ||||
| CVE-2021-41329 | 1 Datalust | 1 Seq | 2024-11-21 | 6.5 Medium |
| Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements. | ||||
| CVE-2021-41307 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | ||||
| CVE-2021-41306 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | ||||
| CVE-2021-41305 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | ||||
| CVE-2021-41301 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-11-21 | 9.8 Critical |
| ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | ||||