Total: 34322 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42230 | 1 Seowonintech | 2 130-slc, 130-slc Firmware | 2024-11-21 | 9.8 Critical |
| All versions of the Seowon 130-SLC router as of 2021-09-15 are vulnerable to Remote Code Execution via the queriesCnt parameter. | ||||
| CVE-2021-42219 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 7.5 High |
| Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | ||||
| CVE-2021-42095 | 1 Netsarang | 1 Xshell | 2024-11-21 | 7.5 High |
| Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | ||||
| CVE-2021-42093 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.2 High |
| An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | ||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | ||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2024-11-21 | 8.8 High |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | ||||
| CVE-2021-42067 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 4.3 Medium |
| In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. | ||||
| CVE-2021-42049 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions. | ||||
| CVE-2021-42002 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | ||||
| CVE-2021-42001 | 1 Pingidentity | 1 Pingid Desktop | 2024-11-21 | 8.0 High |
| PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | ||||
| CVE-2021-41972 | 1 Apache | 1 Superset | 2024-11-21 | 6.5 Medium |
| Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. | ||||
| CVE-2021-41873 | 1 Skyworth | 2 Penguin Aurora Box, Penguin Aurora Box Firmware | 2024-11-21 | 10.0 Critical |
| Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. | ||||
| CVE-2021-41872 | 1 Skyworthdigital | 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware | 2024-11-21 | 7.5 High |
| Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | ||||
| CVE-2021-41869 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | ||||
| CVE-2021-41868 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 9.8 Critical |
| OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | ||||
| CVE-2021-41867 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. | ||||
| CVE-2021-41865 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6. | ||||
| CVE-2021-41861 | 1 Telegram | 1 Telegram | 2024-11-21 | 3.3 Low |
| The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | ||||
| CVE-2021-41842 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 9.8 Critical |
| An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. | ||||
| CVE-2021-41795 | 1 1password | 1 1password | 2024-11-21 | 6.5 Medium |
| The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) | ||||