Latest CVE Feed
-
6.1
MEDIUMCVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23931
OX App Suite through 7.10.4 allows XSS via an inline binary file.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23930
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23929
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23928
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2021-23927
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.... Read more
Affected Products : open-xchange_appsuite- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.... Read more
- Published: Jan. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.... Read more
Affected Products : devolutions_server- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.... Read more
Affected Products : devolutions_server- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.... Read more
Affected Products : devolutions_server- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-23922
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.... Read more
Affected Products : remote_desktop_manager- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.... Read more
Affected Products : devolutions_server- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23910
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.... Read more
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23909
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.... Read more
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23908
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.... Read more
Affected Products : headunit_ntg6_mercedes-benz_user_experience a_220 a_220_4matic e_350 e_350_4matic eqc gle_350 gle_350_4matic- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23907
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.... Read more
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-23906
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.... Read more
Affected Products : mercedes-benz_user_experience a_220 a_220_4matic e_350 e_350_4matic eqc gle_350 gle_350_4matic- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-23901
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfer... Read more
- Published: Jan. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.... Read more
Affected Products : json-sanitizer- Published: Jan. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.... Read more
Affected Products : json-sanitizer- Published: Jan. 13, 2021
- Modified: Nov. 21, 2024