Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35493 1 Tibco 3 Webfocus Client, Webfocus Installer, Webfocus Reporting Server 2024-11-21 9 Critical
The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.
CVE-2021-35492 1 Wowza 1 Streaming Engine 2024-11-21 6.5 Medium
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
CVE-2021-35491 1 Wowza 1 Streaming Engine 2024-11-21 8.1 High
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.
CVE-2021-35490 1 Thruk 1 Thruk 2024-11-21 5.4 Medium
Thruk before 2.44 allows XSS for a quick command.
CVE-2021-35489 1 Thruk 1 Thruk 2024-11-21 6.1 Medium
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.
CVE-2021-35488 1 Thruk 1 Thruk 2024-11-21 6.1 Medium
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.
CVE-2021-35487 1 Nokia 1 Broadcast Message Center 2024-11-21 6.5 Medium
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
CVE-2021-35482 1 Barco 1 Mirrorop Windows Sender 2024-11-21 7.8 High
An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system.
CVE-2021-35479 1 Nagios 1 Log Server 2024-11-21 5.4 Medium
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.
CVE-2021-35478 1 Nagios 1 Log Server 2024-11-21 5.4 Medium
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
CVE-2021-35477 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
CVE-2021-35475 1 Sas 1 Environment Manager 2024-11-21 5.4 Medium
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
CVE-2021-35474 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-11-21 9.8 Critical
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-35472 2 Debian, Lemonldap-ng 2 Debian Linux, Lemonldap\ 2024-11-21 8.8 High
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
CVE-2021-35469 1 Lexmark 3 Printer Software G2, Printer Software G3, Printer Software G4 2024-11-21 7.8 High
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
CVE-2021-35465 1 Arm 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more 2024-11-21 3.4 Low
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
CVE-2021-35463 1 Liferay 1 Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
CVE-2021-35458 1 Online Pet Shop We App Project 1 Online Pet Shop We App 2024-11-21 9.8 Critical
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.
CVE-2021-35456 1 Online Pet Shop Web Application Project 1 Online Pet Shop Web Application 2024-11-21 9.8 Critical
Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload
CVE-2021-35452 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 6.5 Medium
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.