Search Results (362599 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29251 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.5 Medium
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
CVE-2021-29250 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.4 Medium
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
CVE-2021-29249 1 Btcpayserver 1 Btcpay Server 2024-11-21 7.5 High
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
CVE-2021-29248 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
CVE-2021-29247 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
CVE-2021-29246 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.7 Medium
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
CVE-2021-29245 1 Btcpayserver 1 Btcpay Server 2024-11-21 5.3 Medium
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
CVE-2021-29243 1 Cloudera 1 Cloudera Manager 2024-11-21 6.1 Medium
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVE-2021-29242 1 Codesys 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more 2024-11-21 7.3 High
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVE-2021-29240 1 Codesys 1 Development System 2024-11-21 7.8 High
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CVE-2021-29239 1 Codesys 1 Development System 2024-11-21 7.8 High
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
CVE-2021-29238 1 Codesys 1 Automation Server 2024-11-21 8.8 High
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
CVE-2021-29221 2 Erlang, Microsoft 2 Erlang\/otp, Windows 2024-11-21 7.0 High
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
CVE-2021-29220 1 Hp 1 Ilo Amplifier Pack 2024-11-21 7.2 High
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.
CVE-2021-29219 1 Hpe 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more 2024-11-21 7.8 High
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02.
CVE-2021-29218 2 Hpe, Microsoft 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more 2024-11-21 6.7 Medium
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
CVE-2021-29217 1 Hpe 1 Oneview Global Dashboard 2024-11-21 6.1 Medium
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVE-2021-29216 1 Hpe 1 Oneview Global Dashboard 2024-11-21 6.1 Medium
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVE-2021-29215 1 Hpe 2 Ezmeral Data Fabric, Tez 2024-11-21 9.8 Critical
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.
CVE-2021-29214 1 Hp 1 Storeserv Management Console 2024-11-21 7.2 High
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.