Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38144 1 Formtools 1 Core 2024-11-21 5.4 Medium
An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS].
CVE-2021-38143 1 Formtools 1 Core 2024-11-21 6.1 Medium
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin.
CVE-2021-38142 1 Barco 1 Mirrorop Windows Sender 2024-11-21 8.8 High
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
CVE-2021-38140 1 Set User Project 1 Set User 2024-11-21 9.8 Critical
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
CVE-2021-38138 1 Onenav 1 Onenav 2024-11-21 5.4 Medium
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-38137 1 Corero 1 Securewatch Managed Services 2024-11-21 8.1 High
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.
CVE-2021-38136 1 Corero 1 Securewatch Managed Services 2024-11-21 6.5 Medium
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host.
CVE-2021-38130 1 Microfocus 1 Voltage Securemail 2024-11-21 6.5 Medium
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.
CVE-2021-38129 1 Microfocus 1 Operations Agent 2024-11-21 3.3 Low
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.
CVE-2021-38127 1 Microfocus 1 Arcsight Enterprise Security Manager 2024-11-21 6.1 Medium
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
CVE-2021-38126 1 Microfocus 1 Arcsight Enterprise Security Manager 2024-11-21 6.1 Medium
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
CVE-2021-38125 1 Microfocus 1 Operations Bridge 2024-11-21 9.8 Critical
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
CVE-2021-38124 1 Microfocus 1 Arcsight Enterprise Security Manager 2024-11-21 9.8 Critical
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
CVE-2021-38123 1 Microfocus 1 Network Automation 2024-11-21 6.1 Medium
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
CVE-2021-38115 1 Libgd 1 Libgd 2024-11-21 6.5 Medium
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2021-38114 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 5.5 Medium
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-38113 1 Openwebif Project 1 Openwebif 2024-11-21 5.4 Medium
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
CVE-2021-38112 1 Amazon 1 Aws Workspaces 2024-11-21 8.8 High
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
CVE-2021-38110 1 Corel 1 Wordperfect 2020 2024-11-21 7.8 High
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file.
CVE-2021-38109 1 Corel 1 Coreldraw 2020 2024-11-21 5.5 Medium
Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file.