Filtered by NVD-CWE-noinfo
Total 34285 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-35495 1 Tibco 1 Jasperreports Server 2024-11-21 9 Critical
The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.
CVE-2021-35482 1 Barco 1 Mirrorop Windows Sender 2024-11-21 7.8 High
An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system.
CVE-2021-35326 1 Totolink 2 A720r, A720r Firmware 2024-11-21 7.5 High
A vulnerability in the TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file by sending a crafted HTTP request.
CVE-2021-35309 1 Samsung 1 Syncthru Web Service 2024-11-21 7.5 High
An issue was discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 that allows attackers to gain escalated privileges via MITM attacks.
CVE-2021-35249 1 Solarwinds 1 Serv-u 2024-11-21 4.3 Medium
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
CVE-2021-35235 1 Solarwinds 1 Kiwi Syslog Server 2024-11-21 5.3 Medium
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
CVE-2021-35233 1 Solarwinds 1 Kiwi Syslog Server 2024-11-21 5.3 Medium
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
CVE-2021-35225 1 Solarwinds 1 Network Performance Monitor 2024-11-21 5 Medium
Each authenticated Orion Platform user in an MSP (Managed Service Provider) environment can view and browse all NetPath Services from all of that MSP's customers. This can lead to any user having limited insight into other customers' infrastructure and to potential data cross-contamination.
CVE-2021-35223 1 Solarwinds 1 Serv-u 2024-11-21 8.5 High
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
CVE-2021-35219 1 Solarwinds 1 Orion Platform 2024-11-21 6 Medium
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
CVE-2021-35063 3 Debian, Fedoraproject, Oisf 3 Debian Linux, Fedora, Suricata 2024-11-21 7.5 High
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
CVE-2021-35053 2 Kaspersky, Microsoft 2 Endpoint Security, Windows 2024-11-21 7.5 High
Possible system denial of service in case of arbitrary changes to Firefox browser parameters. An attacker could change a specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.
CVE-2021-34824 1 Istio 1 Istio 2024-11-21 8.8 High
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
CVE-2021-34814 1 Proofpoint 1 Spam Engine 2024-11-21 7.5 High
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.
CVE-2021-34801 1 Valine.js 1 Valine 2024-11-21 5.3 Medium
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVE-2021-34691 2 Idrive, Linux 2 Remotepc, Linux Kernel 2024-11-21 7.5 High
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
CVE-2021-34683 1 Eic 1 E-document System 2024-11-21 5.3 Medium
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.
CVE-2021-34682 1 Gov 1 Imposto De Renda Da Pessoa Fisica 2021 2024-11-21 3.7 Low
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-34679 1 Thycotic 1 Password Reset Server 2024-11-21 10 Critical
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
CVE-2021-34629 1 Sendgrid 1 Sendgrid 2024-11-21 4.3 Medium
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file, which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8.