Search Results (362531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27578 1 Apache 1 Zeppelin 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.
CVE-2021-27577 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-11-21 7.5 High
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-27574 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 8.1 High
An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.
CVE-2021-27573 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 9.8 Critical
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.
CVE-2021-27572 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 8.1 High
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.
CVE-2021-27571 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 5.3 Medium
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27570 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 5.3 Medium
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27569 1 Remotemouse 1 Emote Remote Mouse 2024-11-21 5.3 Medium
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27568 3 Json-smart Project, Oracle, Redhat 11 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 8 more 2024-11-21 5.9 Medium
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
CVE-2021-27565 1 Hcc-embedded 1 Nichestack 2024-11-21 7.5 High
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.
CVE-2021-27564 1 Appspace 1 Appspace 2024-11-21 5.4 Medium
A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.
CVE-2021-27559 1 Monicahq 1 Monica 2024-11-21 5.4 Medium
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
CVE-2021-27558 1 Easycorp 1 Zentao 2024-11-21 6.1 Medium
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.
CVE-2021-27557 1 Easycorp 1 Zentao 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.
CVE-2021-27556 1 Easycorp 1 Zentao 2024-11-21 7.2 High
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
CVE-2021-27550 1 Polarisoffice 1 Polaris Office 2024-11-21 5.5 Medium
Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.
CVE-2021-27549 1 Genymobile 1 Genymotion Desktop 2024-11-21 5.3 Medium
Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen
CVE-2021-27548 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVE-2021-27545 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 6.5 Medium
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVE-2021-27544 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.