Total: 34322 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43050 | 1 Tibco | 1 Businessconnect | 2024-11-21 | 8.4 High |
| The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | ||||
| CVE-2021-43049 | 1 Tibco | 1 Businessconnect | 2024-11-21 | 9.8 Critical |
| The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | ||||
| CVE-2021-43046 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 7.5 High |
| The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. | ||||
| CVE-2021-43040 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 8.8 High |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | ||||
| CVE-2021-43039 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | ||||
| CVE-2021-42952 | 1 Zepl | 1 Zepl | 2024-11-21 | 9.9 Critical |
| Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. | ||||
| CVE-2021-42951 | 1 Algorithmia | 1 Msol | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in all SaaS versions of Algorithmia MSOL before October 10 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | ||||
| CVE-2021-42950 | 1 Zepl | 1 Zepl | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in all versions of Zepl Notebooks before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization to which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. | ||||
| CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | ||||
| CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 6.3 Medium |
| A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | ||||
| CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | ||||
| CVE-2021-42794 | 1 Aveva | 1 Edge | 2024-11-21 | 5.3 Medium |
| An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. | ||||
| CVE-2021-42775 | 1 Broadcom | 1 Emulex Hba Manager | 2024-11-21 | 9.1 Critical |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | ||||
| CVE-2021-42773 | 1 Broadcom | 1 Emulex Hba Manager | 2024-11-21 | 7.5 High |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. | ||||
| CVE-2021-42766 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 9.1 Critical |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators. | ||||
| CVE-2021-42765 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 7.5 High |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions). | ||||
| CVE-2021-42764 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 9.1 Critical |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain. | ||||
| CVE-2021-42744 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 6.2 Medium |
| Philips MRI 1.5T and MRI 3T Version 5.x.x expose sensitive information to an actor not explicitly authorized to have access. | ||||
| CVE-2021-42575 | 3 Oracle, Owasp, Redhat | 4 Middleware Common Libraries And Tools, Primavera Unifier, Java Html Sanitizer and 1 more | 2024-11-21 | 9.8 Critical |
| The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | ||||