Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35472 2 Debian, Lemonldap-ng 2 Debian Linux, Lemonldap\ 2024-11-21 8.8 High
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
CVE-2021-35469 1 Lexmark 3 Printer Software G2, Printer Software G3, Printer Software G4 2024-11-21 7.8 High
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
CVE-2021-35465 1 Arm 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more 2024-11-21 3.4 Low
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
CVE-2021-35463 1 Liferay 1 Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
CVE-2021-35458 1 Online Pet Shop We App Project 1 Online Pet Shop We App 2024-11-21 9.8 Critical
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.
CVE-2021-35456 1 Online Pet Shop Web Application Project 1 Online Pet Shop Web Application 2024-11-21 9.8 Critical
Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload
CVE-2021-35452 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 6.5 Medium
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
CVE-2021-35451 1 Teradici 1 Pcoip Management Console 2024-11-21 6.1 Medium
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.
CVE-2021-35450 1 Entando 1 Admin Console 2024-11-21 7.2 High
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
CVE-2021-35449 1 Lexmark 4 G2 Driver, G3 Driver, G4 Driver and 1 more 2024-11-21 7.8 High
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
CVE-2021-35448 2 Microsoft, Remotemouse 2 Windows, Emote Interactive Studio 2024-11-21 7.8 High
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
CVE-2021-35440 1 Smashing Project 1 Smashing 2024-11-21 6.1 Medium
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker.
CVE-2021-35437 1 Lmxcms 1 Lmxcms 2024-11-21 9.8 Critical
SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.
CVE-2021-35415 1 Chamilo 1 Chamilo Lms 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
CVE-2021-35414 1 Chamilo 1 Chamilo Lms 2024-11-21 9.8 Critical
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
CVE-2021-35413 1 Chamilo 1 Chamilo Lms 2024-11-21 8.8 High
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
CVE-2021-35397 1 Drogon 1 Drogon 2024-11-21 7.5 High
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending crafted HTTP request with specific path to read. Successful exploitation could allow the attacker to read files that should be restricted.
CVE-2021-35391 1 Deskpro 1 Deskpro 2024-11-21 7.2 High
Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL.
CVE-2021-35380 1 Solari 1 Termtalk Server 2024-11-21 7.5 High
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
CVE-2021-35368 3 Debian, Fedoraproject, Owasp 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set 2024-11-21 9.8 Critical
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.