Search Results (363049 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26291 4 Apache, Oracle, Quarkus and 1 more 9 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 6 more 2024-11-21 9.1 Critical
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
CVE-2021-26276 1 Godaddy 1 Node-config-shield 2024-11-21 5.3 Medium
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data
CVE-2021-26275 1 Eslint-fixer Project 1 Eslint-fixer 2024-11-21 9.8 Critical
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted
CVE-2021-26274 1 Ninjarmm 1 Ninjarmm 2024-11-21 7.1 High
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
CVE-2021-26273 1 Ninjarmm 1 Ninjarmm 2024-11-21 7.8 High
The Agent in NinjaRMM 5.0.909 has Incorrect Access Control.
CVE-2021-26272 2 Ckeditor, Oracle 10 Ckeditor, Agile Plm, Application Express and 7 more 2024-11-21 6.5 Medium
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVE-2021-26271 2 Ckeditor, Oracle 7 Ckeditor, Agile Plm, Application Express and 4 more 2024-11-21 6.5 Medium
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVE-2021-26267 1 Cpanel 1 Cpanel 2024-11-21 7.5 High
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
CVE-2021-26266 1 Cpanel 1 Cpanel 2024-11-21 7.5 High
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
CVE-2021-26263 1 Odoo 3 Odoo, Odoo Community, Odoo Enterprise 2024-11-21 6.1 Medium
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
CVE-2021-26260 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2024-11-21 5.5 Medium
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-26259 1 Htmldoc Project 1 Htmldoc 2024-11-21 7.8 High
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVE-2021-26253 1 Splunk 1 Splunk 2024-11-21 8.1 High
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
CVE-2021-26252 3 Fedoraproject, Htmldoc Project, Redhat 3 Fedora, Htmldoc, Enterprise Linux 2024-11-21 7.8 High
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVE-2021-26247 1 Cacti 1 Cacti 2024-11-21 6.1 Medium
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
CVE-2021-26237 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2021-26236 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
CVE-2021-26235 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2021-26234 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2021-26233 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.