Export limit exceeded: 10192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10192 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37214 | 1 Larvata | 1 Flygo | 2024-11-21 | 8.8 High |
| The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command. | ||||
| CVE-2021-37213 | 1 Larvata | 1 Flygo | 2024-11-21 | 4.3 Medium |
| The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record. | ||||
| CVE-2021-37212 | 1 Larvata | 1 Flygo | 2024-11-21 | 5.4 Medium |
| The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content. | ||||
| CVE-2021-37184 | 1 Siemens | 1 Industrial Edge Management | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system. | ||||
| CVE-2021-37178 | 1 Siemens | 2 Solid Edge Se2021, Solid Edge Se2021 Firmware | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file. | ||||
| CVE-2021-37156 | 1 Redmine | 1 Redmine | 2024-11-21 | 7.5 High |
| Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. | ||||
| CVE-2021-37112 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.3 Medium |
| Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak. | ||||
| CVE-2021-36804 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 5.4 Medium |
| Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical identical vulnerabilities in Laravel projects that implement multi-tenant applications. | ||||
| CVE-2021-36801 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 8.1 High |
| Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product. | ||||
| CVE-2021-36773 | 4 Debian, Sciruby, Ublockorigin and 1 more | 4 Debian Linux, Nmatrix, Ublock Origin and 1 more | 2024-11-21 | 7.5 High |
| uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | ||||
| CVE-2021-36710 | 1 Toaruos | 1 Toaruos | 2024-11-21 | 8.8 High |
| ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. | ||||
| CVE-2021-36708 | 1 Prolink | 2 Prc2402m, Prc2402m Firmware | 2024-11-21 | 7.5 High |
| In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. | ||||
| CVE-2021-36691 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 7.5 High |
| libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service. | ||||
| CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | ||||
| CVE-2021-36539 | 1 Instructure | 1 Canvas Learning Management Service | 2024-11-21 | 6.5 Medium |
| Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url). | ||||
| CVE-2021-36409 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | 7.8 High |
| There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. | ||||
| CVE-2021-36389 | 1 Yellowfinbi | 1 Yellowfin | 2024-11-21 | 7.5 High |
| In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4". | ||||
| CVE-2021-36388 | 1 Yellowfinbi | 1 Yellowfin | 2024-11-21 | 7.5 High |
| In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". | ||||
| CVE-2021-36387 | 1 Yellowfinbi | 1 Yellowfin | 2024-11-21 | 5.4 Medium |
| In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4". | ||||
| CVE-2021-36386 | 3 Fedoraproject, Fetchmail, Redhat | 3 Fedora, Fetchmail, Enterprise Linux | 2024-11-21 | 7.5 High |
| report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. | ||||