Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-39383 1 Diaowen 1 Dwsurvey 2024-11-21 9.8 Critical
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVE-2021-39379 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
CVE-2021-39378 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.
CVE-2021-39377 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
CVE-2021-39376 1 Philips 1 Tasy Electronic Medical Record 2024-11-21 8.8 High
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
CVE-2021-39375 1 Philips 1 Tasy Electronic Medical Record 2024-11-21 8.8 High
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
CVE-2021-39373 1 Samsung 2 Drive Manager, H3 2024-11-21 7.8 High
Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.
CVE-2021-39371 2 Debian, Osgeo 3 Debian Linux, Owslib, Pywps 2024-11-21 7.5 High
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
CVE-2021-39368 1 Canon 1 Oce Print Exec Workgroup 2024-11-21 6.1 Medium
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.
CVE-2021-39367 1 Canon 1 Oce Print Exec Workgroup 2024-11-21 5.3 Medium
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
CVE-2021-39365 3 Debian, Gnome, Redhat 3 Debian Linux, Grilo, Enterprise Linux 2024-11-21 5.9 Medium
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39364 1 Honeywell 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more 2024-11-21 7.5 High
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
CVE-2021-39363 1 Honeywell 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more 2024-11-21 9.8 Critical
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
CVE-2021-39362 1 Recaptcha Solver Project 1 Recaptcha Solver 2024-11-21 6.1 Medium
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers.
CVE-2021-39361 1 Gnome 1 Evolution-rss 2024-11-21 5.9 Medium
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39360 2 Fedoraproject, Gnome 2 Fedora, Libzapojit 2024-11-21 5.9 Medium
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39359 2 Fedoraproject, Gnome 2 Fedora, Libgda 2024-11-21 5.9 Medium
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39358 3 Fedoraproject, Gnome, Redhat 3 Fedora, Libgfbgraph, Enterprise Linux 2024-11-21 5.9 Medium
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39307 1 Pdftron 1 Webviewer Ui 2024-11-21 6.1 Medium
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
CVE-2021-39306 1 Realtek 2 Rtl8195am, Rtl8195am Firmware 2024-11-21 9.8 Critical
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.