Total
32421 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2021-44746 | 1 Nec | 9 Univerge Dt800 Data Maintenance Tool, Univerge Dt820, Univerge Dt820 Firmware and 6 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained. | |||||
| CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | |||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | |||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | |||||
| CVE-2021-44596 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | |||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | |||||
| CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 9.1 CRITICAL |
| A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | |||||
| CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | |||||
| CVE-2021-44486 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. | |||||
| CVE-2021-44476 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.8 MEDIUM |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | |||||
| CVE-2021-44460 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | |||||
| CVE-2021-44425 | 1 Anydesk | 1 Anydesk | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). | |||||
| CVE-2021-44246 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. | |||||
| CVE-2021-44219 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | |||||
| CVE-2021-44166 | 1 Fortinet | 1 Fortitoken Mobile | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | |||||
| CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | |||||
| CVE-2021-44087 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | |||||
| CVE-2021-43997 | 1 Amazon | 1 Freertos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3. | |||||
| CVE-2021-43988 | 1 Fanuc | 1 Roboguide | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. | |||||