Search Results (11530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-43172 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | 7.5 High | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length, causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serving any data at all. |
| CVE-2021-43142 | 1 Jox Project | 1 Jox | 2024-11-21 | 9.8 Critical | An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. |
| CVE-2021-43090 | 1 Predic8 | 1 Soa Model | 2024-11-21 | 9.8 Critical | An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. |
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 8.4 High | An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer. |
| CVE-2021-43064 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 Medium | A URL redirection to an untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. |
| CVE-2021-43058 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 6.1 Medium | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. |
| CVE-2021-42776 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 7.7 High | CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import. |
| CVE-2021-42749 | 1 Fastlinemedia | 1 Beaver Themer | 2024-11-21 | 5.3 Medium | In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. |
| CVE-2021-42714 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-11-21 | 7.8 High | Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-42713 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-11-21 | 7.8 High | Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-42712 | 1 Splashtop | 1 Streamer | 2024-11-21 | 7.8 High | Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-42697 | 1 Akka | 1 Http Server | 2024-11-21 | 7.5 High | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. |
| CVE-2021-42646 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 9.1 Critical | XML External Entity (XXE) vulnerability in the file-based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests. |
| CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 7.5 High | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. |
| CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 9.1 Critical | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. |
| CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 5.4 Medium | An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. |
| CVE-2021-42560 | 1 Mitre | 1 Caldera | 2024-11-21 | 8.8 High | An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64-encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). |
| CVE-2021-42545 | 1 Business-dnasolutions | 1 Topease | 2024-11-21 | 8.1 High | An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH's TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. |
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 8 High | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. |
| CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2024-11-21 | 7.8 High | AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. |