Search Results (366763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42838 1 Vice 1 Webopac 2024-11-21 6.1 Medium
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks.
CVE-2021-42837 1 Talend 1 Data Catalog 2024-11-21 9.8 Critical
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.
CVE-2021-42836 1 Gjson Project 1 Gjson 2024-11-21 7.5 High
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
CVE-2021-42835 2 Microsoft, Plex 2 Windows, Media Server 2024-11-21 7.0 High
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).
CVE-2021-42833 1 Xylem 1 Aquaview 2024-11-21 9.3 Critical
A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.
CVE-2021-42811 1 Thalesgroup 1 Safenet Keysecure 2024-11-21 3.3 Low
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.
CVE-2021-42810 1 Thalesgroup 1 Safenet Authentication Service Remote Desktop Gateway 2024-11-21 7.8 High
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
CVE-2021-42809 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2024-11-21 6.5 Medium
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
CVE-2021-42808 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2024-11-21 6.5 Medium
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
CVE-2021-42797 1 Aveva 1 Edge 2024-11-21 7.5 High
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
CVE-2021-42796 1 Aveva 1 Edge 2024-11-21 9.8 Critical
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
CVE-2021-42794 1 Aveva 1 Edge 2024-11-21 5.3 Medium
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
CVE-2021-42791 1 Veridiumid 1 Veridiumad 2024-11-21 7.3 High
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.
CVE-2021-42787 1 Riverbed 1 Steelcentral Appinternals Dynamic Sampling Agent 2024-11-21 9.4 Critical
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
CVE-2021-42786 1 Riverbed 1 Steelcentral Appinternals Dynamic Sampling Agent 2024-11-21 9.8 Critical
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.
CVE-2021-42785 1 Tightvnc 1 Tightvnc 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
CVE-2021-42784 1 Dlink 2 Dwr-932c, Dwr-932c E1 Firmware 2024-11-21 9.8 Critical
OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.
CVE-2021-42783 1 Dlink 2 Dwr-932c, Dwr-932c E1 Firmware 2024-11-21 9.8 Critical
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
CVE-2021-42776 1 Cloverdx 1 Cloverdx 2024-11-21 7.7 High
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.
CVE-2021-42775 1 Broadcom 1 Emulex Hba Manager 2024-11-21 9.1 Critical
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.