Search Results (365329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42556 1 Rasa 1 Rasa X 2024-11-21 5.5 Medium
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
CVE-2021-42555 1 Pexip 1 Infinity 2024-11-21 7.5 High
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
CVE-2021-42552 1 Archivista 1 Archivistabox 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.
CVE-2021-42551 1 Alcoda 1 Netbiblio 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.
CVE-2021-42550 4 Netapp, Qos, Redhat and 1 more 9 Cloud Manager, Service Level Manager, Snap Creator Framework and 6 more 2024-11-21 6.6 Medium
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
CVE-2021-42549 1 Wpcloudplugins 1 Lets-box 2024-11-21 4.7 Medium
Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVE-2021-42548 1 Wpcloudplugins 1 Share-one-drive 2024-11-21 4.7 Medium
Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVE-2021-42547 1 Wpcloudplugins 1 Out-of-the-box 2024-11-21 4.7 Medium
Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVE-2021-42546 1 Wpcloudplugins 1 Use-your-drive 2024-11-21 4.7 Medium
Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVE-2021-42545 1 Business-dnasolutions 1 Topease 2024-11-21 8.1 High
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
CVE-2021-42544 1 Businessdnasolutions 1 Topease 2024-11-21 7.5 High
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
CVE-2021-42543 1 Azeotech 1 Daqfactory 2024-11-21 7.8 High
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
CVE-2021-42542 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
CVE-2021-42540 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
CVE-2021-42539 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
CVE-2021-42538 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
CVE-2021-42536 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more 2024-11-21 8 High
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
CVE-2021-42534 1 Trane 2 Tracer Sc, Tracer Sc Firmware 2024-11-21 6.3 Medium
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
CVE-2021-42525 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 N/A
Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42523 1 Colord Project 1 Colord 2024-11-21 7.5 High
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.