Search Results (362599 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27804 1 Libjxl Project 1 Libjxl 2024-11-21 9.8 Critical
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
CVE-2021-27799 1 Zint 1 Barcode Generator 2024-11-21 7.5 High
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.
CVE-2021-27797 1 Broadcom 1 Fabric Operating System 2024-11-21 9.8 Critical
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
CVE-2021-27796 1 Broadcom 1 Fabric Operating System 2024-11-21 6.5 Medium
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
CVE-2021-27795 1 Broadcom 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more 2024-11-21 6.4 Medium
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software that supports the license string format contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
CVE-2021-27794 1 Broadcom 1 Fabric Operating System 2024-11-21 7.8 High
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password and an invalid password through telnet, ssh and REST.
CVE-2021-27793 1 Broadcom 1 Fabric Operating System 2024-11-21 5.3 Medium
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
CVE-2021-27792 1 Broadcom 1 Fabric Operating System 2024-11-21 7.8 High
The request handling functions in the web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
CVE-2021-27791 1 Broadcom 1 Fabric Operating System 2024-11-21 5.4 Medium
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
CVE-2021-27790 1 Broadcom 1 Fabric Operating System 2024-11-21 7.8 High
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVE-2021-27789 1 Broadcom 1 Fabric Operating System 2024-11-21 6.5 Medium
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
CVE-2021-27786 1 Hcltech 1 Onetest Server 2024-11-21 4.6 Medium
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
CVE-2021-27785 1 Hcltechsw 1 Hcl Commerce 2024-11-21 3.9 Low
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.
CVE-2021-27783 1 Hcltech 2 Bigfix Mobile, Bigfix Modern Client Management 2024-11-21 6.8 Medium
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27781 1 Hcltech 2 Bigfix Mobile, Modern Client Management 2024-11-21 6.6 Medium
The Master operator may be able to embed a script tag in HTML that displays the cookie in an alert pop-up.
CVE-2021-27780 1 Hcltech 2 Bigfix Mobile, Modern Client Management 2024-11-21 5.3 Medium
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVE-2021-27779 1 Hcltech 1 Versionvault Express 2024-11-21 9.1 Critical
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
CVE-2021-27778 1 Hcltech 1 Traveler 2024-11-21 4.9 Medium
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
CVE-2021-27777 1 Hcltech 1 Unica 2024-11-21 7.5 High
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
CVE-2021-27773 1 Hcltech 1 Sametime 2024-11-21 4.2 Medium
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.