Search Results (364952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36788 1 Yoast 1 Yoast Seo 2024-11-21 5.4 Medium
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
CVE-2021-36787 1 In2code 1 Femanager 2024-11-21 5.4 Medium
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
CVE-2021-36786 1 Miniorange 1 Saml 2024-11-21 7.5 High
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-36785 1 Miniorange 1 Saml 2024-11-21 5.4 Medium
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
CVE-2021-36784 1 Suse 1 Rancher 2024-11-21 7.2 High
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
CVE-2021-36783 1 Suse 1 Rancher 2024-11-21 9.9 Critical
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
CVE-2021-36782 1 Suse 1 Rancher 2024-11-21 9.9 Critical
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
CVE-2021-36781 1 Opensuse 1 Factory 2024-11-21 5.9 Medium
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
CVE-2021-36780 1 Linuxfoundation 1 Longhorn 2024-11-21 8.1 High
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.
CVE-2021-36779 1 Linuxfoundation 1 Longhorn 2024-11-21 9.6 Critical
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVE-2021-36778 1 Suse 1 Rancher 2024-11-21 7.3 High
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36777 1 Opensuse 1 Open Build Service 2024-11-21 8.1 High
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.
CVE-2021-36776 1 Rancher 1 Rancher 2024-11-21 8.8 High
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.
CVE-2021-36775 1 Rancher 1 Rancher 2024-11-21 8.8 High
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36774 1 Apache 1 Kylin 2024-11-21 6.5 Medium
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
CVE-2021-36773 4 Debian, Sciruby, Ublockorigin and 1 more 4 Debian Linux, Nmatrix, Ublock Origin and 1 more 2024-11-21 7.5 High
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
CVE-2021-36772 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 6.1 Medium
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
CVE-2021-36771 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 6.1 Medium
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
CVE-2021-36769 1 Telegram 2 Telegram, Telegram Desktop 2024-11-21 5.3 Medium
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.
CVE-2021-36767 1 Digi 37 6350-sr, 6350-sr Firmware, Cm and 34 more 2024-11-21 9.8 Critical
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.