Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.5 Medium |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. | ||||
| CVE-2021-28092 | 2 Is-svg Project, Redhat | 3 Is-svg, Acm, Openshift | 2024-11-21 | 7.5 High |
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | ||||
| CVE-2021-28091 | 4 Debian, Entrouvert, Fedoraproject and 1 more | 4 Debian Linux, Lasso, Fedora and 1 more | 2024-11-21 | 7.5 High |
| Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | ||||
| CVE-2021-28090 | 2 Fedoraproject, Torproject | 2 Fedora, Tor | 2024-11-21 | 5.3 Medium |
| Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | ||||
| CVE-2021-28089 | 2 Fedoraproject, Torproject | 2 Fedora, Tor | 2024-11-21 | 7.5 High |
| Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | ||||
| CVE-2021-28088 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. | ||||
| CVE-2021-28079 | 1 Jamovi | 1 Jamovi | 2024-11-21 | 6.1 Medium |
| Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered. | ||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 7.5 High |
| iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2021-28070 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | ||||
| CVE-2021-28060 | 1 Group-office | 1 Group Office | 2024-11-21 | 5.3 Medium |
| A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | ||||
| CVE-2021-28055 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | ||||
| CVE-2021-28054 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. | ||||
| CVE-2021-28053 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | ||||
| CVE-2021-28048 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.5 Medium |
| An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-28047 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 5.4 Medium |
| Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. | ||||
| CVE-2021-28042 | 1 Deutschepost | 1 Mailoptimizer | 2024-11-21 | 7.8 High |
| Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | ||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2024-11-21 | 7.1 High |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | ||||
| CVE-2021-28040 | 1 Ossec | 1 Ossec | 2024-11-21 | 7.5 High |
| An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. | ||||
| CVE-2021-28039 | 3 Linux, Netapp, Xen | 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. | ||||
| CVE-2021-28038 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. | ||||