Search Results (363384 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28096 1 Stormshield 1 Stormshield Network Security 2024-11-21 5.3 Medium
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVE-2021-28095 1 Open-xchange 1 Open-xchange Documents 2024-11-21 4.8 Medium
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
CVE-2021-28094 1 Open-xchange 1 Open-xchange Documents 2024-11-21 6.5 Medium
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
CVE-2021-28093 1 Open-xchange 1 Open-xchange Documents 2024-11-21 6.5 Medium
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.
CVE-2021-28092 2 Is-svg Project, Redhat 3 Is-svg, Acm, Openshift 2024-11-21 7.5 High
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
CVE-2021-28091 4 Debian, Entrouvert, Fedoraproject and 1 more 4 Debian Linux, Lasso, Fedora and 1 more 2024-11-21 7.5 High
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
CVE-2021-28090 2 Fedoraproject, Torproject 2 Fedora, Tor 2024-11-21 5.3 Medium
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
CVE-2021-28089 2 Fedoraproject, Torproject 2 Fedora, Tor 2024-11-21 7.5 High
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
CVE-2021-28088 1 Impresscms 1 Impresscms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
CVE-2021-28079 1 Jamovi 1 Jamovi 2024-11-21 6.1 Medium
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.
CVE-2021-28075 1 Ikuai8 1 Ikuaios 2024-11-21 7.5 High
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.
CVE-2021-28070 1 Popojicms 1 Popojicms 2024-11-21 4.3 Medium
Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.
CVE-2021-28060 1 Group-office 1 Group Office 2024-11-21 5.3 Medium
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28055 1 Centreon 1 Centreon 2024-11-21 6.5 Medium
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
CVE-2021-28054 1 Centreon 1 Centreon 2024-11-21 5.4 Medium
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
CVE-2021-28053 1 Centreon 1 Centreon 2024-11-21 8.8 High
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
CVE-2021-28048 1 Devolutions 1 Devolutions Server 2024-11-21 6.5 Medium
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-28047 1 Devolutions 1 Remote Desktop Manager 2024-11-21 5.4 Medium
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
CVE-2021-28042 1 Deutschepost 1 Mailoptimizer 2024-11-21 7.8 High
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041 4 Fedoraproject, Netapp, Openbsd and 1 more 11 Fedora, Cloud Backup, Hci Compute Node and 8 more 2024-11-21 7.1 High
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.