Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43333 1 Datalogic 1 Dxu 2024-11-21 6.5 Medium
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.
CVE-2021-43332 2 Debian, Gnu 2 Debian Linux, Mailman 2024-11-21 6.5 Medium
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
CVE-2021-43331 2 Debian, Gnu 2 Debian Linux, Mailman 2024-11-21 6.1 Medium
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVE-2021-43329 1 Mumara 1 Classic 2024-11-21 9.8 Critical
A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
CVE-2021-43327 1 Renesas 4 Rx65, Rx65 Firmware, Rx65n and 1 more 2024-11-21 4.6 Medium
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
CVE-2021-43326 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
CVE-2021-43325 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
CVE-2021-43324 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
LibreNMS through 21.10.2 allows XSS via a widget title.
CVE-2021-43319 1 Zohocorp 1 Manageengine Network Configuration Manager 2024-11-21 9.8 Critical
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
CVE-2021-43309 1 Litejs 1 Uri-template-lite 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method
CVE-2021-43308 1 Markdown-link-extractor Project 1 Markdown-link-extractor 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
CVE-2021-43307 1 Semver-regex Project 1 Semver-regex 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
CVE-2021-43306 1 Jqueryvalidation 1 Jquery Validation 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
CVE-2021-43298 1 Embedthis 1 Goahead 2024-11-21 9.8 Critical
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.
CVE-2021-43297 1 Apache 1 Dubbo 2024-11-21 9.8 Critical
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 7.5 High
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43295 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVE-2021-43294 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVE-2021-43293 1 Sonatype 1 Nexus Repository Manager 2024-11-21 4.3 Medium
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
CVE-2021-43290 1 Thoughtworks 1 Gocd 2024-11-21 9.8 Critical
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.