Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29250 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.4 Medium |
| BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. | ||||
| CVE-2021-29249 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 7.5 High |
| BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. | ||||
| CVE-2021-29248 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.3 Medium |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | ||||
| CVE-2021-29247 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.3 Medium |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | ||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 6.7 Medium |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | ||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.3 Medium |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | ||||
| CVE-2021-29243 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 6.1 Medium |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. | ||||
| CVE-2021-29242 | 1 Codesys | 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more | 2024-11-21 | 7.3 High |
| CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | ||||
| CVE-2021-29240 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | ||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-11-21 | 7.8 High |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | ||||
| CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2024-11-21 | 8.8 High |
| CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | ||||
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2024-11-21 | 7.0 High |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | ||||
| CVE-2021-29220 | 1 Hp | 1 Ilo Amplifier Pack | 2024-11-21 | 7.2 High |
| Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack. | ||||
| CVE-2021-29219 | 1 Hpe | 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more | 2024-11-21 | 7.8 High |
| A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. | ||||
| CVE-2021-29218 | 2 Hpe, Microsoft | 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more | 2024-11-21 | 6.7 Medium |
| A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. | ||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 6.1 Medium |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | ||||
| CVE-2021-29216 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | ||||
| CVE-2021-29215 | 1 Hpe | 2 Ezmeral Data Fabric, Tez | 2024-11-21 | 9.8 Critical |
| A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric. | ||||
| CVE-2021-29214 | 1 Hp | 1 Storeserv Management Console | 2024-11-21 | 7.2 High |
| A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | ||||
| CVE-2021-29213 | 1 Hpe | 6 Proliant Dl20 Gen10 Server, Proliant Dl20 Gen10 Server Firmware, Proliant Microserver Gen10 Plus and 3 more | 2024-11-21 | 6.7 Medium |
| A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity. | ||||