Total: 34322 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40441 | 1 Microsoft | 7 Windows 7, Windows 8.1, Windows Rt 8.1 and 4 more | 2024-11-21 | 7.8 High |
| Windows Media Center Elevation of Privilege Vulnerability | ||||
| CVE-2021-40387 | 1 Kaseya | 1 Unitrends Backup Software | 2024-11-21 | 8.8 High |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. | ||||
| CVE-2021-40386 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 9.8 Critical |
| Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2021-40385 | 1 Kaseya | 1 Unitrends Backup Software | 2024-11-21 | 8.8 High |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. | ||||
| CVE-2021-40347 | 1 Postorius Project | 1 Postorius | 2024-11-21 | 5.4 Medium |
| An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. | ||||
| CVE-2021-40330 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 7.5 High |
| git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | ||||
| CVE-2021-40329 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 9.8 Critical |
| The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. | ||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 7.5 High |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | ||||
| CVE-2021-40171 | 1 Securitashome | 2 Securitashome Alarm System, Securitashome Alarm System Firmware | 2024-11-21 | 5.3 Medium |
| The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. | ||||
| CVE-2021-40147 | 1 Emtec | 1 Zoc | 2024-11-21 | 9.8 Critical |
| EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. | ||||
| CVE-2021-40146 | 1 Apache | 1 Any23 | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. | ||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | ||||
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | ||||
| CVE-2021-40089 | 1 Primekey | 1 Ejbca | 2024-11-21 | 2.3 Low |
| An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run. | ||||
| CVE-2021-40085 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | ||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40063 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-40055 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.9 Medium |
| There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-40051 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. | ||||