Search Results (36863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38164 1 Sap 1 Erp Financial Accounting 2024-11-21 5.4 Medium
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
CVE-2021-38159 1 Progress 1 Moveit Transfer 2024-11-21 9.8 Critical
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).
CVE-2021-38145 1 Formtools 1 Core 2024-11-21 9.8 Critical
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1.
CVE-2021-38137 1 Corero 1 Securewatch Managed Services 2024-11-21 8.1 High
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.
CVE-2021-38112 1 Amazon 1 Aws Workspaces 2024-11-21 8.8 High
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
CVE-2021-38017 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-38016 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2021-38012 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38007 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38001 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37832 1 Digitaldruid 1 Hoteldruid 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
CVE-2021-37819 1 Pdftk-java Project 1 Pdftk-java 2024-11-21 7.5 High
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.
CVE-2021-37808 1 Phpgurukul 1 News Portal 2024-11-21 5.9 Medium
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
CVE-2021-37807 1 Phpgurukul 1 Online Shopping Portal 2024-11-21 7.5 High
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.
CVE-2021-37806 1 Phpgurukul 1 Vehicle Parking Management System 2024-11-21 5.9 Medium
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
CVE-2021-37803 1 Online Covid Vaccination Scheduler System Project 1 Online Covid Vaccination Scheduler System 2024-11-21 8.1 High
An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .
CVE-2021-37764 1 Xos-shop 1 Xos Shop System 2024-11-21 8.1 High
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php.
CVE-2021-37749 1 Hexagongeospatial 1 Geomedia Webmap 2024-11-21 9.8 Critical
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.
CVE-2021-37738 1 Arubanetworks 1 Clearpass Policy Manager 2024-11-21 7.5 High
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-37737 1 Arubanetworks 1 Clearpass Policy Manager 2024-11-21 8.8 High
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.