Search Results (366877 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43337 2 Fedoraproject, Schedmd 2 Fedora, Slurm 2024-11-21 6.5 Medium
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
CVE-2021-43336 2 Opendesign, Siemens 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more 2024-11-21 7.8 High
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43334 1 Buddyboss 1 Buddyboss 2024-11-21 5.4 Medium
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.
CVE-2021-43333 1 Datalogic 1 Dxu 2024-11-21 6.5 Medium
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.
CVE-2021-43332 2 Debian, Gnu 2 Debian Linux, Mailman 2024-11-21 6.5 Medium
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
CVE-2021-43331 2 Debian, Gnu 2 Debian Linux, Mailman 2024-11-21 6.1 Medium
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVE-2021-43329 1 Mumara 1 Classic 2024-11-21 9.8 Critical
A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
CVE-2021-43327 1 Renesas 4 Rx65, Rx65 Firmware, Rx65n and 1 more 2024-11-21 4.6 Medium
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
CVE-2021-43326 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
CVE-2021-43325 2 Automox, Microsoft 2 Automox, Windows 2024-11-21 7.8 High
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
CVE-2021-43324 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
LibreNMS through 21.10.2 allows XSS via a widget title.
CVE-2021-43319 1 Zohocorp 1 Manageengine Network Configuration Manager 2024-11-21 9.8 Critical
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
CVE-2021-43309 1 Litejs 1 Uri-template-lite 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method
CVE-2021-43308 1 Markdown-link-extractor Project 1 Markdown-link-extractor 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
CVE-2021-43307 1 Semver-regex Project 1 Semver-regex 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
CVE-2021-43306 1 Jqueryvalidation 1 Jquery Validation 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
CVE-2021-43298 1 Embedthis 1 Goahead 2024-11-21 9.8 Critical
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.
CVE-2021-43297 1 Apache 1 Dubbo 2024-11-21 9.8 Critical
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 7.5 High
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43295 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.