Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35217 1 Solarwinds 1 Patch Manager 2024-11-21 8.9 High
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
CVE-2021-35216 1 Solarwinds 1 Patch Manager 2024-11-21 8.9 High
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
CVE-2021-35215 1 Solarwinds 1 Orion Platform 2024-11-21 8.9 High
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
CVE-2021-35214 1 Solarwinds 1 Pingdom 2024-11-21 4.8 Medium
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
CVE-2021-35213 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 8.9 High
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
CVE-2021-35212 1 Solarwinds 1 Orion Platform 2024-11-21 8.9 High
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
CVE-2021-35210 1 Contao 1 Contao 2024-11-21 6.1 Medium
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-35209 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).
CVE-2021-35208 1 Zimbra 1 Collaboration 2024-11-21 5.4 Medium
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
CVE-2021-35207 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
CVE-2021-35206 1 Gitpod 1 Gitpod 2024-11-21 6.1 Medium
Gitpod before 0.6.0 allows unvalidated redirects.
CVE-2021-35205 1 Netscout 1 Ngeniusone 2024-11-21 5.4 Medium
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
CVE-2021-35204 1 Netscout 1 Ngeniusone 2024-11-21 5.4 Medium
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.
CVE-2021-35203 1 Netscout 1 Ngeniusone 2024-11-21 5.7 Medium
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.
CVE-2021-35202 1 Netscout 1 Ngeniusone 2024-11-21 4.3 Medium
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.
CVE-2021-35201 1 Netscout 1 Ngeniusone 2024-11-21 6.5 Medium
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.
CVE-2021-35200 1 Netscout 1 Ngeniusone 2024-11-21 4.8 Medium
NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.
CVE-2021-35199 1 Netscout 1 Ngeniusone 2024-11-21 5.4 Medium
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.
CVE-2021-35198 1 Netscout 1 Ngeniusone 2024-11-21 5.4 Medium
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.
CVE-2021-35197 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 7.5 High
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).