Total
34289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37840 | 1 Aapanel | 1 Aapanel | 2024-11-21 | 8.8 High |
| aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). | ||||
| CVE-2021-37740 | 1 Mdt | 4 Scn-ip000.03, Scn-ip000.03 Firmware, Scn-ip100.03 and 1 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field. | ||||
| CVE-2021-37736 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.8 Critical |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-37707 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 Medium |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37697 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2024-11-21 | 7.1 High |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog. | ||||
| CVE-2021-37696 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2024-11-21 | 7.1 High |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command. | ||||
| CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.5 Medium |
| Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | ||||
| CVE-2021-37554 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | ||||
| CVE-2021-37549 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 9.1 Critical |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. | ||||
| CVE-2021-37547 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. | ||||
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2024-11-21 | 8.8 High |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | ||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2024-11-21 | 6.5 Medium |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | ||||
| CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-11-21 | 4.2 Medium |
| Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | ||||
| CVE-2021-37424 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
| ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | ||||
| CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | ||||
| CVE-2021-37384 | 1 Furukawa | 8 423-41w\/ac, 423-41w\/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 9.8 Critical |
| RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. | ||||
| CVE-2021-37349 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | ||||
| CVE-2021-37334 | 1 Umbraco | 1 Forms | 2024-11-21 | 9.8 Critical |
| Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server. | ||||
| CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2024-11-21 | 8.8 High |
| Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | ||||
| CVE-2021-37273 | 1 Chinatelecom | 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware | 2024-11-21 | 7.5 High |
| A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times. | ||||