Search Results (10125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40025 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The eID module has a vulnerability that causes the memory to be used without being initialized. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-3997 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2024-11-21 | 5.5 Medium |
| A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | ||||
| CVE-2021-3992 | 1 Kimai2 Project | 1 Kimai2 | 2024-11-21 | 6.5 Medium |
| kimai2 is vulnerable to Improper Access Control | ||||
| CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.1 Medium |
| showdoc is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3965 | 1 Hp | 54 Designjet T1530 L2y23a, Designjet T1530 L2y23a Firmware, Designjet T1530 L2y24a and 51 more | 2024-11-21 | 7.5 High |
| Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | ||||
| CVE-2021-3964 | 1 Elgg | 1 Elgg | 2024-11-21 | 5.9 Medium |
| elgg is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3882 | 1 Ledgersmb | 1 Ledgersmb | 2024-11-21 | 6.8 Medium |
| LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command. | ||||
| CVE-2021-3869 | 1 Stanford | 1 Corenlp | 2024-11-21 | 7.5 High |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2021-3859 | 2 Netapp, Redhat | 11 Cloud Secure Agent, Oncommand Insight, Oncommand Workflow Automation and 8 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | ||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 5.4 Medium |
| firefly-iii is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3845 | 1 Ws Scrcpy Project | 1 Ws Scrcpy | 2024-11-21 | 7.5 High |
| ws-scrcpy is vulnerable to External Control of File Name or Path | ||||
| CVE-2021-3836 | 1 Dbeaver | 1 Dbeaver | 2024-11-21 | 5.5 Medium |
| dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2021-3833 | 1 Artica | 1 Integria Ims | 2024-11-21 | 9.8 Critical |
| Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specifically formatted password could exploit this vulnerability in order to log in to the system with different passwords. | ||||
| CVE-2021-3829 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 6.1 Medium |
| openwhyd is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 6.5 Medium |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | ||||
| CVE-2021-3779 | 1 Ruby-mysql Project | 1 Ruby-mysql | 2024-11-21 | 6.5 Medium |
| A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. | ||||
| CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.3 Medium |
| url-parse is vulnerable to URL Redirection to Untrusted Site | ||||
| CVE-2021-3654 | 2 Openstack, Redhat | 3 Nova, Openstack, Openstack Platform | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | ||||