Search Results (367003 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44210 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
CVE-2021-44209 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
CVE-2021-44208 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
CVE-2021-44206 2 Acronis, Microsoft 3 Cyber Protect Home Office, True Image, Windows 2024-11-21 7.3 High
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
CVE-2021-44205 2 Acronis, Microsoft 3 Cyber Protect Home Office, True Image, Windows 2024-11-21 7.3 High
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
CVE-2021-44204 2 Acronis, Microsoft 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more 2024-11-21 7.8 High
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
CVE-2021-44203 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-11-21 5.4 Medium
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44202 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-11-21 5.4 Medium
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44201 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-11-21 6.1 Medium
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44200 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-11-21 5.4 Medium
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44199 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2024-11-21 5.5 Medium
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
CVE-2021-44198 2 Acronis, Microsoft 2 Cyber Protect, Windows 2024-11-21 7.8 High
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
CVE-2021-44178 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 5.4 Medium
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
CVE-2021-44177 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 8.1 High
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-44176 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 8.1 High
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-44172 1 Fortinet 1 Forticlient Endpoint Management Server 2024-11-21 3.6 Low
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
CVE-2021-44171 1 Fortinet 1 Fortios 2024-11-21 9 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
CVE-2021-44170 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.7 Medium
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
CVE-2021-44169 1 Fortinet 1 Forticlient 2024-11-21 8.2 High
A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.
CVE-2021-44167 1 Fortinet 1 Forticlient 2024-11-21 6.8 Medium
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.