Total: 34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45840 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | ||||
| CVE-2021-45839 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.5 Medium |
| It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | ||||
| CVE-2021-45837 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | ||||
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.8 High |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | ||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 7.5 High |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attacker can redirect the entire host's traffic via their own server. | ||||
| CVE-2021-45809 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 9.8 Critical |
| GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | ||||
| CVE-2021-45807 | 1 Jpress | 1 Jpress | 2024-11-21 | 9.8 Critical |
| jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. | ||||
| CVE-2021-45789 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 6.5 Medium |
| An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | ||||
| CVE-2021-45763 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | ||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | ||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | ||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | ||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | ||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | ||||
| CVE-2021-45705 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | ||||
| CVE-2021-45700 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.5 High |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. | ||||
| CVE-2021-45698 | 1 Nervos | 1 Ckb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. | ||||
| CVE-2021-45697 | 1 Nervos | 1 Molecule | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. | ||||
| CVE-2021-45695 | 1 Mopa Project | 1 Mopa | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. | ||||