Search Results (363299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28090 2 Fedoraproject, Torproject 2 Fedora, Tor 2024-11-21 5.3 Medium
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
CVE-2021-28089 2 Fedoraproject, Torproject 2 Fedora, Tor 2024-11-21 7.5 High
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
CVE-2021-28088 1 Impresscms 1 Impresscms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
CVE-2021-28079 1 Jamovi 1 Jamovi 2024-11-21 6.1 Medium
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.
CVE-2021-28075 1 Ikuai8 1 Ikuaios 2024-11-21 7.5 High
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.
CVE-2021-28070 1 Popojicms 1 Popojicms 2024-11-21 4.3 Medium
Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.
CVE-2021-28060 1 Group-office 1 Group Office 2024-11-21 5.3 Medium
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28055 1 Centreon 1 Centreon 2024-11-21 6.5 Medium
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
CVE-2021-28054 1 Centreon 1 Centreon 2024-11-21 5.4 Medium
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
CVE-2021-28053 1 Centreon 1 Centreon 2024-11-21 8.8 High
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
CVE-2021-28048 1 Devolutions 1 Devolutions Server 2024-11-21 6.5 Medium
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-28047 1 Devolutions 1 Remote Desktop Manager 2024-11-21 5.4 Medium
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
CVE-2021-28042 1 Deutschepost 1 Mailoptimizer 2024-11-21 7.8 High
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041 4 Fedoraproject, Netapp, Openbsd and 1 more 11 Fedora, Cloud Backup, Hci Compute Node and 8 more 2024-11-21 7.1 High
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-28040 1 Ossec 1 Ossec 2024-11-21 7.5 High
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.
CVE-2021-28039 3 Linux, Netapp, Xen 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more 2024-11-21 6.5 Medium
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
CVE-2021-28038 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more 2024-11-21 6.5 Medium
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-28037 1 Internment Project 1 Internment 2024-11-21 9.8 Critical
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.
CVE-2021-28036 1 Quinn Project 1 Quinn 2024-11-21 7.5 High
An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.
CVE-2021-28035 1 Stack Dst Project 1 Stack Dst 2024-11-21 9.8 Critical
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.