Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46313 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2021-46255 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.1 High |
| eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | ||||
| CVE-2021-46250 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2024-11-21 | 10 Critical |
| An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2. | ||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.8 High |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | ||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | ||||
| CVE-2021-46101 | 1 Gitforwindows | 1 Git | 2024-11-21 | 7.5 High |
| In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. | ||||
| CVE-2021-46088 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 7.2 High |
| Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user. | ||||
| CVE-2021-46067 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 9.8 Critical |
| In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | ||||
| CVE-2021-46062 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.1 High |
| MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | ||||
| CVE-2021-46045 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | ||||
| CVE-2021-46041 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | ||||
| CVE-2021-46037 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 8.1 High |
| MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | ||||
| CVE-2021-45983 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 9.8 Critical |
| NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | ||||
| CVE-2021-45980 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 7.8 High |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. | ||||
| CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2024-11-21 | 9.8 Critical |
| JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | ||||
| CVE-2021-45915 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45914 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45898 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | ||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | ||||
| CVE-2021-45842 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 7.5 High |
| It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | ||||