Search Results (365292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42084 1 Zammad 1 Zammad 2024-11-21 6.5 Medium
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
CVE-2021-42078 1 Php Event Calendar Project 1 Php Event Calendar 2024-11-21 6.1 Medium
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
CVE-2021-42077 1 Kaysongroup 1 Php Event Calendar 2024-11-21 9.8 Critical
PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.
CVE-2021-42076 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.
CVE-2021-42075 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.
CVE-2021-42074 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.
CVE-2021-42073 1 Barrier Project 1 Barrier 2024-11-21 8.2 High
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
CVE-2021-42072 2 Barrier Project, Fedoraproject 2 Barrier, Fedora 2024-11-21 8.8 High
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
CVE-2021-42071 1 Visual-tools 2 Dvr Vx16, Dvr Vx16 Firmware 2024-11-21 9.8 Critical
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
CVE-2021-42070 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 3.3 Low
When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
CVE-2021-42069 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 3.3 Low
When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
CVE-2021-42068 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 3.3 Low
When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-42067 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2024-11-21 4.3 Medium
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
CVE-2021-42066 1 Sap 1 Business One 2024-11-21 4.4 Medium
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.
CVE-2021-42064 1 Sap 1 Commerce 2024-11-21 9.8 Critical
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values.
CVE-2021-42063 1 Sap 1 Knowledge Warehouse 2024-11-21 6.1 Medium
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
CVE-2021-42062 1 Sap 1 Erp Human Capital Management 2024-11-21 4.3 Medium
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
CVE-2021-42061 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 5.4 Medium
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.
CVE-2021-42057 1 Obsidian 1 Obsidian Dataview 2024-11-21 7.8 High
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
CVE-2021-42056 3 Linux, Microsoft, Thalesgroup 3 Linux Kernel, Windows, Safenet Authentication Client 2024-11-21 6.7 Medium
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.