Search

Search Results (364535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-23956 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
CVE-2021-23955 1 Mozilla 1 Firefox 2024-11-21 6.1 Medium
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
CVE-2021-23954 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23953 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 4.3 Medium
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23937 1 Apache 1 Wicket 2024-11-21 7.5 High
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket 6.x version 6.2.0 and later versions.
CVE-2021-23936 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via the subject of a task.
CVE-2021-23935 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
CVE-2021-23934 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
CVE-2021-23933 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
CVE-2021-23932 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVE-2021-23931 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via an inline binary file.
CVE-2021-23930 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVE-2021-23929 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
CVE-2021-23928 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
CVE-2021-23927 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.4 Medium
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
CVE-2021-23925 1 Devolutions 1 Devolutions Server 2024-11-21 6.1 Medium
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.
CVE-2021-23924 1 Devolutions 1 Devolutions Server 2024-11-21 7.5 High
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
CVE-2021-23923 1 Devolutions 1 Devolutions Server 2024-11-21 8.1 High
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.
CVE-2021-23922 1 Devolutions 1 Remote Desktop Manager 2024-11-21 5.4 Medium
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.
CVE-2021-23921 1 Devolutions 1 Devolutions Server 2024-11-21 9.1 Critical
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.