Total
34322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40864 | 1 Onlyoffice | 1 Google Translate | 2024-11-21 | 9.8 Critical |
| The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. | ||||
| CVE-2021-40837 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2024-11-21 | 4.6 Medium |
| A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | ||||
| CVE-2021-40836 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2024-11-21 | 4.6 Medium |
| A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | ||||
| CVE-2021-40832 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 5.5 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-40695 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | ||||
| CVE-2021-40691 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| A session hijack risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-40684 | 1 Talend | 1 Esb Runtime | 2024-11-21 | 9.1 Critical |
| Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. | ||||
| CVE-2021-40643 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 9.8 Critical |
| EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). | ||||
| CVE-2021-40612 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. | ||||
| CVE-2021-40567 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. | ||||
| CVE-2021-40540 | 1 Ulfius Project | 1 Ulfius | 2024-11-21 | 9.8 Critical |
| ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. | ||||
| CVE-2021-40532 | 1 Telegram | 1 Web K Alpha | 2024-11-21 | 9.8 Critical |
| Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | ||||
| CVE-2021-40521 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 9.8 Critical |
| Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | ||||
| CVE-2021-40498 | 1 Sap | 1 Successfactors Mobile | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks. | ||||
| CVE-2021-40495 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.3 Medium |
| There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform. | ||||
| CVE-2021-40486 | 1 Microsoft | 6 Office, Office Online Server, Office Web Apps Server and 3 more | 2024-11-21 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2021-40484 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 7.6 High |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||
| CVE-2021-40483 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 7.6 High |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||
| CVE-2021-40482 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 5.3 Medium |
| Microsoft SharePoint Server Information Disclosure Vulnerability | ||||
| CVE-2021-40481 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 7.1 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||