Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33507 2 Plone, Zope 2 Plone, Zope 2024-11-21 6.1 Medium
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVE-2021-33506 1 8x8 1 Jitsi Meet 2024-11-21 7.5 High
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
CVE-2021-33505 1 Falco 1 Falco 2024-11-21 7.8 High
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.
CVE-2021-33504 1 Couchbase 1 Couchbase Server 2024-11-21 4.9 Medium
Couchbase Server before 7.1.0 has Incorrect Access Control.
CVE-2021-33503 4 Fedoraproject, Oracle, Python and 1 more 10 Fedora, Enterprise Manager Ops Center, Instantis Enterprisetrack and 7 more 2024-11-21 7.5 High
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
CVE-2021-33502 2 Normalize-url Project, Redhat 6 Normalize-url, Acm, Enterprise Linux and 3 more 2024-11-21 7.5 High
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
CVE-2021-33501 1 Overwolf 1 Overwolf 2024-11-21 9.6 Critical
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.
CVE-2021-33500 2 Microsoft, Putty 2 Windows, Putty 2024-11-21 7.5 High
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
CVE-2021-33499 1 Pexip 1 Infinity 2024-11-21 7.5 High
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
CVE-2021-33498 1 Pexip 1 Infinity 2024-11-21 7.5 High
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
CVE-2021-33497 1 Dutchcoders 1 Transfer.sh 2024-11-21 9.1 Critical
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.
CVE-2021-33496 1 Dutchcoders 1 Transfer.sh 2024-11-21 6.1 Medium
Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.
CVE-2021-33495 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
CVE-2021-33494 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVE-2021-33493 1 Open-xchange 1 Ox App Suite 2024-11-21 6.0 Medium
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
CVE-2021-33492 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
CVE-2021-33491 1 Open-xchange 1 Ox App Suite 2024-11-21 6.5 Medium
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
CVE-2021-33490 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
CVE-2021-33489 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.
CVE-2021-33488 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.