Search Results (Refine Search)

Search Parameters:
There are 155,357 matching records.
Displaying matches 1,381 through 1,400.
Vuln ID Summary CVSS Severity
CVE-2021-25931

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website.

Published: May 20, 2021; 11:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25929

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the `name` parameter in `noticeWizard` endpoint. Due to this flaw an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files.

Published: May 20, 2021; 11:15:07 AM -0400
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4850

IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298.

Published: May 20, 2021; 11:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-21053

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

Published: May 20, 2021; 11:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-3438

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-28112

Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-28111

Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-27434

Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-25930

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-24396

homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-24395

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.

Published: May 20, 2021; 10:15:07 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

Published: May 20, 2021; 9:15:07 AM -0400
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2021-3480

A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.

Published: May 20, 2021; 9:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Published: May 20, 2021; 9:15:07 AM -0400
V3.1: 5.7 MEDIUM
V2.0: 2.7 LOW
CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.

Published: May 20, 2021; 9:15:07 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-27467

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.

Published: May 20, 2021; 8:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2021-27465

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.

Published: May 20, 2021; 8:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-27463

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

Published: May 20, 2021; 8:15:08 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-27461

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.

Published: May 20, 2021; 8:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-27459

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.

Published: May 20, 2021; 8:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH