Total
32421 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42294 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-42293 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | |||||
| CVE-2021-42288 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
| Windows Hello Security Feature Bypass Vulnerability | |||||
| CVE-2021-42284 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
| CVE-2021-42274 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | |||||
| CVE-2021-42252 | 2 Linux, Netapp | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | |||||
| CVE-2021-42242 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | |||||
| CVE-2021-42230 | 1 Seowonintech | 2 130-slc, 130-slc Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. | |||||
| CVE-2021-42219 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | |||||
| CVE-2021-42113 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-42095 | 1 Netsarang | 1 Xshell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | |||||
| CVE-2021-42093 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | |||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | |||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | |||||
| CVE-2021-42067 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. | |||||
| CVE-2021-42060 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-42049 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions. | |||||
| CVE-2021-42002 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | |||||