Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33504 1 Couchbase 1 Couchbase Server 2024-11-21 4.9 Medium
Couchbase Server before 7.1.0 has Incorrect Access Control.
CVE-2021-33503 4 Fedoraproject, Oracle, Python and 1 more 10 Fedora, Enterprise Manager Ops Center, Instantis Enterprisetrack and 7 more 2024-11-21 7.5 High
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
CVE-2021-33502 2 Normalize-url Project, Redhat 6 Normalize-url, Acm, Enterprise Linux and 3 more 2024-11-21 7.5 High
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
CVE-2021-33501 1 Overwolf 1 Overwolf 2024-11-21 9.6 Critical
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.
CVE-2021-33500 2 Microsoft, Putty 2 Windows, Putty 2024-11-21 7.5 High
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
CVE-2021-33499 1 Pexip 1 Infinity 2024-11-21 7.5 High
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
CVE-2021-33498 1 Pexip 1 Infinity 2024-11-21 7.5 High
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
CVE-2021-33497 1 Dutchcoders 1 Transfer.sh 2024-11-21 9.1 Critical
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.
CVE-2021-33496 1 Dutchcoders 1 Transfer.sh 2024-11-21 6.1 Medium
Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.
CVE-2021-33495 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
CVE-2021-33494 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVE-2021-33493 1 Open-xchange 1 Ox App Suite 2024-11-21 6.0 Medium
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
CVE-2021-33492 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
CVE-2021-33491 1 Open-xchange 1 Ox App Suite 2024-11-21 6.5 Medium
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
CVE-2021-33490 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
CVE-2021-33489 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.
CVE-2021-33488 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.
CVE-2021-33486 1 Codesys 1 Runtime Toolkit 2024-11-21 7.5 High
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-33484 1 Onyaktech Comments Pro Project 1 Onyaktech Comments Pro 2024-11-21 7.5 High
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.
CVE-2021-33483 1 Onyaktech Comments Pro Project 1 Onyaktech Comments Pro 2024-11-21 5.4 Medium
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.