Total: 32421 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43177 | 1 Tinfoilsecurity | 1 Devise-two-factor | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) | |||||
CVE-2021-43145 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | |||||
CVE-2021-43110 | 1 Puneethreddyhc Online-shopping-system Project | 1 Puneethreddyhc Online-shopping-system | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. | |||||
CVE-2021-43105 | 1 Technitium | 1 Dns Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. | |||||
CVE-2021-43056 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | |||||
CVE-2021-43055 | 1 Tibco | 1 Eftl | 2024-11-21 | 6.5 MEDIUM | 5.9 MEDIUM |
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | |||||
CVE-2021-43054 | 1 Tibco | 1 Eftl | 2024-11-21 | 6.5 MEDIUM | 7.1 HIGH |
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | |||||
CVE-2021-43053 | 1 Tibco | 1 Ftl | 2024-11-21 | 5.0 MEDIUM | 8.5 HIGH |
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | |||||
CVE-2021-43050 | 1 Tibco | 1 Businessconnect | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | |||||
CVE-2021-43049 | 1 Tibco | 1 Businessconnect | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | |||||
CVE-2021-43046 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. | |||||
CVE-2021-43040 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | |||||
CVE-2021-43039 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | |||||
CVE-2021-42952 | 1 Zepl | 1 Zepl | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. | |||||
CVE-2021-42951 | 1 Algorithmia | 1 Msol | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | |||||
CVE-2021-42950 | 1 Zepl | 1 Zepl | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. | |||||
CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | |||||
CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | |||||
CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. |