Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27767 1 Hcltech 1 Bigfix Platform 2024-11-21 6.7 Medium
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27766 1 Hcltech 1 Bigfix Platform 2024-11-21 6.7 Medium
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27765 1 Hcltech 1 Bigfix Platform 2024-11-21 6.7 Medium
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27764 1 Hcltech 1 Bigfix Webui 2024-11-21 7.4 High
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
CVE-2021-27762 1 Hcltech 1 Bigfix Platform 2024-11-21 4.7 Medium
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
CVE-2021-27761 1 Hcltech 1 Bigfix Platform 2024-11-21 4.8 Medium
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
CVE-2021-27760 1 Hcltech 1 Hcl Inotes 2024-11-21 4.6 Medium
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
CVE-2021-27759 1 Hcltech 1 Bigfix Inventory 2024-11-21 2.3 Low
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
CVE-2021-27758 1 Hcltech 1 Bigfix Inventory 2024-11-21 4.3 Medium
There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.
CVE-2021-27757 1 Hcltech 1 Bigfix Insights 2024-11-21 7.5 High
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."
CVE-2021-27756 1 Hcltech 1 Bigfix Compliance 2024-11-21 7.5 High
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
CVE-2021-27755 1 Hcltech 1 Hcl Sametime 2024-11-21 5.5 Medium
"Sametime Android potential path traversal vulnerability when using File class"
CVE-2021-27753 1 Hcltech 1 Hcl Sametime 2024-11-21 5.5 Medium
"Sametime Android PathTraversal Vulnerability"
CVE-2021-27751 1 Hcltechsw 1 Hcl Commerce 2024-11-21 4.4 Medium
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.
CVE-2021-27746 1 Hcltechsw 1 Connections 2024-11-21 5.4 Medium
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-27741 1 Hcltechsw 1 Hcl Commerce 2024-11-21 9.1 Critical
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
CVE-2021-27738 1 Apache 1 Kylin 2024-11-21 7.5 High
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.
CVE-2021-27737 1 Apache 1 Traffic Server 2024-11-21 7.5 High
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
CVE-2021-27736 1 Fusionauth 1 Saml V2 2024-11-21 6.5 Medium
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
CVE-2021-27734 1 Belden 2 Hirschmann Hios, Hisecos 2024-11-21 9.8 Critical
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.