Search Results (364197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36793 1 Routes Project 1 Routes 2024-11-21 7.5 High
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
CVE-2021-36792 1 Dated News Project 1 Dated News 2024-11-21 7.2 High
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
CVE-2021-36791 1 Dated News Project 1 Dated News 2024-11-21 5.3 Medium
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.
CVE-2021-36790 1 Dated News Project 1 Dated News 2024-11-21 6.1 Medium
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.
CVE-2021-36789 1 Dated News Project 1 Dated News 2024-11-21 9.8 Critical
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
CVE-2021-36788 1 Yoast 1 Yoast Seo 2024-11-21 5.4 Medium
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
CVE-2021-36787 1 In2code 1 Femanager 2024-11-21 5.4 Medium
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
CVE-2021-36786 1 Miniorange 1 Saml 2024-11-21 7.5 High
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-36785 1 Miniorange 1 Saml 2024-11-21 5.4 Medium
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
CVE-2021-36784 1 Suse 1 Rancher 2024-11-21 7.2 High
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
CVE-2021-36783 1 Suse 1 Rancher 2024-11-21 9.9 Critical
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
CVE-2021-36782 1 Suse 1 Rancher 2024-11-21 9.9 Critical
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
CVE-2021-36781 1 Opensuse 1 Factory 2024-11-21 5.9 Medium
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
CVE-2021-36780 1 Linuxfoundation 1 Longhorn 2024-11-21 8.1 High
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.
CVE-2021-36779 1 Linuxfoundation 1 Longhorn 2024-11-21 9.6 Critical
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVE-2021-36778 1 Suse 1 Rancher 2024-11-21 7.3 High
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36777 1 Opensuse 1 Open Build Service 2024-11-21 8.1 High
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.
CVE-2021-36776 1 Rancher 1 Rancher 2024-11-21 8.8 High
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.
CVE-2021-36775 1 Rancher 1 Rancher 2024-11-21 8.8 High
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36774 1 Apache 1 Kylin 2024-11-21 6.5 Medium
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.