Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28290 1 Identityserver4.admin Project 1 Identityserver4.admin 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.
CVE-2021-28280 1 Php-fusion 1 Phpfusion 2024-11-21 6.1 Medium
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
CVE-2021-28278 1 Jhead Project 1 Jhead 2024-11-21 7.8 High
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
CVE-2021-28277 1 Jhead Project 1 Jhead 2024-11-21 7.8 High
A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.
CVE-2021-28276 1 Jhead Project 1 Jhead 2024-11-21 7.5 High
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
CVE-2021-28275 1 Jhead Project 1 Jhead 2024-11-21 5.5 Medium
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.
CVE-2021-28271 1 Soyal 3 701clientsql, 701server, 701serversql 2024-11-21 8.8 High
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
CVE-2021-28269 1 Soyal 1 701client 2024-11-21 8.8 High
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
CVE-2021-28250 1 Ca 1 Ehealth Performance Manager 2024-11-21 7.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28249 1 Ca 1 Ehealth Performance Manager 2024-11-21 8.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28248 1 Broadcom 1 Ehealth 2024-11-21 7.5 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28247 1 Ca 1 Ehealth Performance Manager 2024-11-21 5.4 Medium
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28246 1 Broadcom 2 Ca Ehealth Performance Manager, Ehealth 2024-11-21 7.8 High
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-28245 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 High
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
CVE-2021-28242 1 B2evolution 1 B2evolution 2024-11-21 8.8 High
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVE-2021-28237 1 Gnu 1 Libredwg 2024-11-21 9.8 Critical
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
CVE-2021-28236 1 Gnu 1 Libredwg 2024-11-21 7.5 High
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
CVE-2021-28233 1 Ok-file-formats Project 1 Ok-file-formats 2024-11-21 8.8 High
Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.
CVE-2021-28213 1 Tianocore 1 Edk2 2024-11-21 7.5 High
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVE-2021-28211 2 Redhat, Tianocore 2 Enterprise Linux, Edk2 2024-11-21 6.7 Medium
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.