Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36454 1 Naviwebs 1 Navigate Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.
CVE-2021-36450 1 Verint 1 Workforce Optimization 2024-11-21 6.1 Medium
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2021-36440 1 Showdoc 1 Showdoc 2024-11-21 9.8 Critical
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
CVE-2021-36417 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.
CVE-2021-36414 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-36412 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,
CVE-2021-36411 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 5.5 Medium
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
CVE-2021-36410 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 5.5 Medium
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36409 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 7.8 High
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
CVE-2021-36408 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 5.5 Medium
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36389 1 Yellowfinbi 1 Yellowfin 2024-11-21 7.5 High
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
CVE-2021-36388 1 Yellowfinbi 1 Yellowfin 2024-11-21 7.5 High
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
CVE-2021-36387 1 Yellowfinbi 1 Yellowfin 2024-11-21 5.4 Medium
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
CVE-2021-36386 3 Fedoraproject, Fetchmail, Redhat 3 Fedora, Fetchmail, Enterprise Linux 2024-11-21 7.5 High
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVE-2021-36385 1 Cerner 1 Mobile Care 2024-11-21 9.8 Critical
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.
CVE-2021-36383 1 Xen-orchestra 2 Xo-server, Xo-web 2024-11-21 4.3 Medium
Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit, Users, and Groups.
CVE-2021-36382 1 Devolutions 1 Devolutions Server 2024-11-21 2.6 Low
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CVE-2021-36381 1 Edifecs 1 Transaction Management 2024-11-21 5.3 Medium
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.
CVE-2021-36377 2 Fedoraproject, Fossil-scm 2 Fedora, Fossil 2024-11-21 7.5 High
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
CVE-2021-36376 2 Delta Project, Microsoft 2 Delta, Windows 2024-11-21 7.8 High
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.