Total
408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37421 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | |||||
| CVE-2021-37188 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | |||||
| CVE-2021-36751 | 1 Encsecurity | 1 Datavault | 2024-11-21 | 6.4 MEDIUM | 4.2 MEDIUM |
| ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation. | |||||
| CVE-2021-36367 | 1 Putty | 1 Putty | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). | |||||
| CVE-2021-34572 | 1 Enbra | 1 Ewm | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data. | |||||
| CVE-2021-33887 | 1 Onepeloton | 2 Ttr01, Ttr01 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. | |||||
| CVE-2021-33840 | 1 Luca-app | 1 Luca | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. | |||||
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | |||||
| CVE-2021-32665 | 1 Wire | 1 Wire | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
| wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation. | |||||
| CVE-2021-31783 | 1 Piwigo | 1 Localfiles Editor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | |||||
| CVE-2021-30005 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. | |||||
| CVE-2021-29963 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | |||||
| CVE-2021-29462 | 1 Pupnp Project | 1 Pupnp | 2024-11-21 | 7.5 HIGH | 7.6 HIGH |
| The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. | |||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | |||||
| CVE-2021-28678 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. | |||||
| CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2024-11-21 | 4.3 MEDIUM | 2.3 LOW |
| This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | |||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | |||||
| CVE-2021-26610 | 2 Microsoft, Nhn-commerce | 2 Windows, Godomall5 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | |||||
| CVE-2021-26608 | 2 Handysoft, Microsoft | 2 Hshell, Windows | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | |||||