Total
34251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28677 | 3 Fedoraproject, Python, Redhat | 3 Fedora, Pillow, Enterprise Linux | 2024-11-21 | 7.5 High |
| An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. | ||||
| CVE-2021-28673 | 1 Xerox | 46 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 43 more | 2024-11-21 | 9.8 Critical |
| Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface. | ||||
| CVE-2021-28671 | 1 Xerox | 48 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 45 more | 2024-11-21 | 9.8 Critical |
| Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands. | ||||
| CVE-2021-28670 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 9.1 Critical |
| Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. | ||||
| CVE-2021-28566 | 1 Magento | 1 Magento | 2024-11-21 | 3.7 Low |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | ||||
| CVE-2021-28507 | 1 Arista | 1 Eos | 2024-11-21 | 5.5 Medium |
| An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | ||||
| CVE-2021-28501 | 1 Arista | 1 Terminattr | 2024-11-21 | 9.1 Critical |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | ||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28482 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.8 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.8 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-28479 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 5.5 Medium |
| Windows CSC Service Information Disclosure Vulnerability | ||||
| CVE-2021-28477 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28476 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2024-11-21 | 9.9 Critical |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2021-28475 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28473 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28472 | 1 Microsoft | 1 Vscode-maven | 2024-11-21 | 7.8 High |
| Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | ||||
| CVE-2021-28471 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2021-28470 | 1 Microsoft | 2 Visual Studio Code Github Pull Requests And Issues, Visual Studio Code Github Pull Requests And Issues Extension | 2024-11-21 | 7.8 High |
| Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | ||||
| CVE-2021-28469 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||