Show filters
202,392 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2021-23879

Disclosure Date: September 03, 2021 (last updated March 20, 2021)
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
Attacker Value
Unknown

CVE-2021-21442

Disclosure Date: July 26, 2021 (last updated July 26, 2021)
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.
0
Attacker Value
Unknown

CVE-2021-21443

Disclosure Date: July 26, 2021 (last updated July 26, 2021)
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
0
Attacker Value
Unknown

CVE-2021-36091

Disclosure Date: July 26, 2021 (last updated July 26, 2021)
Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
0
Attacker Value
Unknown

CVE-2021-21440

Disclosure Date: July 26, 2021 (last updated July 26, 2021)
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
0
Attacker Value
Unknown

CVE-2021-36092

Disclosure Date: July 26, 2021 (last updated July 26, 2021)
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
0
Attacker Value
Unknown

CVE-2021-37446

Disclosure Date: July 25, 2021 (last updated July 26, 2021)
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
0
Attacker Value
Unknown

CVE-2021-37442

Disclosure Date: July 25, 2021 (last updated July 26, 2021)
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
0
Attacker Value
Unknown

CVE-2021-37441

Disclosure Date: July 25, 2021 (last updated July 26, 2021)
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
0
Attacker Value
Unknown

CVE-2021-37445

Disclosure Date: July 25, 2021 (last updated July 26, 2021)
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
0