Search Results (121088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-44535 1 Arubanetworks 1 Aruba Edgeconnect Enterprise Orchestrator 2025-04-10 8.8 High
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve administrative privilege on the web-management interface leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.
CVE-2022-39041 1 Aenrich 1 A\+hrd 2025-04-10 9.8 Critical
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
CVE-2022-39042 1 Aenrich 1 A\+hrd 2025-04-10 9.8 Critical
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
CVE-2022-47618 1 Meritlilin 4 Ah55b04, Ah55b04 Firmware, Ah55b08 and 1 more 2025-04-10 9.8 Critical
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.
CVE-2022-39039 1 Aenrich 1 A\+hrd 2025-04-10 9.8 Critical
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.
CVE-2022-39040 1 Aenrich 1 A\+hrd 2025-04-10 7.5 High
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVE-2021-29101 1 Esri 1 Arcgis Geoevent Server 2025-04-10 7.5 High
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system.
CVE-2021-29107 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
CVE-2021-29106 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29105 1 Esri 1 Arcgis Server 2025-04-10 5.4 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.
CVE-2021-29103 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29102 1 Esri 1 Arcgis Server 2025-04-10 9.1 Critical
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-29104 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
CVE-2021-29108 1 Esri 1 Portal For Arcgis 2025-04-10 8.8 High
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted.
CVE-2021-29109 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29110 1 Esri 1 Portal For Arcgis 2025-04-10 5.4 Medium
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
CVE-2021-29113 1 Esri 1 Arcgis Server 2025-04-10 4.7 Medium
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.
CVE-2021-29114 1 Esri 1 Arcgis Server 2025-04-10 9.8 Critical
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
CVE-2021-29115 1 Esri 1 Arcgis Enterprise 2025-04-10 5.3 Medium
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.
CVE-2021-29116 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.