Search Results (10462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-42697 | 1 Akka | 1 Http Server | 2024-11-21 | 7.5 High | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. |
| CVE-2021-42646 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 9.1 Critical | XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests. |
| CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 7.5 High | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. |
| CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 9.1 Critical | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. |
| CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 5.4 Medium | An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. |
| CVE-2021-42560 | 1 Mitre | 1 Caldera | 2024-11-21 | 8.8 High | An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). |
| CVE-2021-42545 | 1 Business-dnasolutions | 1 Topease | 2024-11-21 | 8.1 High | An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH's TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. |
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 8 High | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. |
| CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2024-11-21 | 7.8 High | AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. |
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High | BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-42194 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 7.2 High | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. |
| CVE-2021-41847 | 1 3xlogic | 1 Infinias Access Control | 2024-11-21 | 8.8 High | An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. |
| CVE-2021-41826 | 1 Place | 1 Placeos Authentication | 2024-11-21 | 6.1 Medium | PlaceOS Authentication Service before 1.29.10.0 allows an open redirect in app/controllers/auth/sessions_controller.rb. |
| CVE-2021-41770 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 7.5 High | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. |
| CVE-2021-41752 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.8 Critical | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. |
| CVE-2021-41733 | 1 Oppia | 1 Oppia | 2024-11-21 | 6.1 Medium | Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. |
| CVE-2021-41608 | 1 Classapps | 1 Selectsurvey.net | 2024-11-21 | 7.5 High | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. |
| CVE-2021-41562 | 1 Snowsoftware | 1 Snow Inventory Agent | 2024-11-21 | 6.1 Medium | A vulnerability in Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects Snow Agent for Windows versions 5.0.0 to 6.7.1 on Windows. |
| CVE-2021-41500 | 2 Cvxopt Project, Fedoraproject | 2 Cvxopt, Fedora | 2024-11-21 | 7.5 High | An incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in the APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects. |
| CVE-2021-41411 | 1 Redhat | 1 Drools | 2024-11-21 | 9.8 Critical | drools <= 7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. |