Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29252 1 Rsa 1 Archer 2024-11-21 5.4 Medium
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser.
CVE-2021-29251 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.5 Medium
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
CVE-2021-29250 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.4 Medium
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
CVE-2021-29249 1 Btcpayserver 1 Btcpay Server 2024-11-21 7.5 High
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
CVE-2021-29248 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
CVE-2021-29247 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
CVE-2021-29246 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.7 Medium
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
CVE-2021-29245 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
CVE-2021-29243 1 Cloudera 1 Cloudera Manager 2024-11-21 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVE-2021-29242 1 Codesys 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more 2024-11-21 7.3 High
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVE-2021-29240 1 Codesys 1 Development System 2024-11-21 7.8 High
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CVE-2021-29239 1 Codesys 1 Development System 2024-11-21 7.8 High
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
CVE-2021-29238 1 Codesys 1 Automation Server 2024-11-21 8.8 High
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
CVE-2021-29221 2 Erlang, Microsoft 2 Erlang\/otp, Windows 2024-11-21 7.0 High
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
CVE-2021-29220 1 Hp 1 Ilo Amplifier Pack 2024-11-21 7.2 High
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.
CVE-2021-29219 1 Hpe 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more 2024-11-21 7.8 High
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02.
CVE-2021-29218 2 Hpe, Microsoft 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more 2024-11-21 6.7 Medium
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
CVE-2021-29217 1 Hpe 1 Oneview Global Dashboard 2024-11-21 6.1 Medium
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVE-2021-29216 1 Hpe 1 Oneview Global Dashboard 2024-11-21 6.1 Medium
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVE-2021-29215 1 Hpe 2 Ezmeral Data Fabric, Tez 2024-11-21 9.8 Critical
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.