Total: 32392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37707 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | |||||
CVE-2021-37697 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog. | |||||
CVE-2021-37696 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command. | |||||
CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | |||||
CVE-2021-37554 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | |||||
CVE-2021-37549 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. | |||||
CVE-2021-37547 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2020.2.4, insufficient checks were made during file uploading. | |||||
CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | |||||
CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
In JetBrains Hub before 2021.1.13262, a potentially insufficient Content Security Policy (CSP) was used for the Widget deployment feature. | |||||
CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | |||||
CVE-2021-37424 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | |||||
CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | |||||
CVE-2021-37384 | 1 Furukawa | 8 423-41w/ac, 423-41w/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability was found in some Furukawa ONU models. It allows remote unauthenticated users to send arbitrary commands to the device via the web interface. | |||||
CVE-2021-37349 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | |||||
CVE-2021-37334 | 1 Umbraco | 1 Forms | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
Umbraco Forms versions 4.0.0 through 8.7.5 are vulnerable to a flaw that can lead to remote code execution and/or arbitrary file deletion. The vulnerability arises because validation of the file extension is performed only after the file has already been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Although access to this directory is restricted by the root web.config file, that restriction can be overridden by uploading a specially crafted web.config file into the temporary directory. An attacker can exploit this to upload a malicious script file and execute arbitrary code and system commands on the server. | |||||
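The ordering flaw in the Umbraco Forms entry above, as an added example that is not from Umbraco's code base: a Python model of a file-upload handler that stores first and validates second, next to one that decides on the name and extension before any byte reaches disk. The extension allowlist, the reserved-name list and the directory layout are assumptions for illustration.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# Assumed policy for this example: extensions the application is willing to serve back.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".txt"}
# IIS honours a web.config found in any directory, so a crafted one dropped into the
# upload directory lifts the restriction set by the root web.config. Reject it by name
# as well as by extension (assumed list; extend for your platform).
RESERVED_NAMES = {"web.config"}


def save_then_validate(upload_dir: Path, filename: str, data: bytes) -> tuple[bool, bool]:
    """Vulnerable order: write to the temp directory first, check the extension second.

    Returns (accepted, reachable). `reachable` records whether the file existed on
    disk before the decision was taken, i.e. the window in which a second request
    could fetch or execute it.
    """
    upload_dir.mkdir(parents=True, exist_ok=True)
    target = upload_dir / Path(filename).name
    target.write_bytes(data)
    reachable = target.exists()
    accepted = target.suffix.lower() in ALLOWED_EXTENSIONS
    if not accepted:
        target.unlink()  # too late: the content was already on disk and servable
    return accepted, reachable


def validate_then_save(upload_dir: Path, filename: str, data: bytes) -> Path | None:
    """Hardened order: decide on the name and extension before anything is written.

    Returns the stored path, or None when the upload is rejected (nothing is written).
    """
    # Refuse anything carrying directory components, on either separator.
    if "/" in filename or "\\" in filename or filename in ("", ".", ".."):
        return None
    name = Path(filename)
    if name.name.lower() in RESERVED_NAMES:
        return None
    suffix = name.suffix.lower()
    if suffix not in ALLOWED_EXTENSIONS:
        return None
    upload_dir.mkdir(parents=True, exist_ok=True)
    # Server-chosen name: the client never controls the on-disk filename.
    fd, tmp_path = tempfile.mkstemp(dir=upload_dir, suffix=suffix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return Path(tmp_path)


def demo() -> dict:
    """Run both handlers against constructed uploads and report what reached disk."""
    root = Path(tempfile.mkdtemp(prefix="upload-demo-"))
    vuln_dir, safe_dir = root / "vuln", root / "safe"
    accepted, reachable = save_then_validate(vuln_dir, "shell.aspx", b"<%@ Page %>")
    results = {
        "vuln_accepted": accepted,    # False: rejected in the end...
        "vuln_reachable": reachable,  # True: ...but it sat on disk first
        "safe_aspx": validate_then_save(safe_dir, "shell.aspx", b"<%@ Page %>"),
        "safe_webconfig": validate_then_save(safe_dir, "web.config", b"<configuration/>"),
        "safe_traversal": validate_then_save(safe_dir, "../web.config", b"<configuration/>"),
        "safe_pdf": validate_then_save(safe_dir, "report.pdf", b"%PDF-1.4"),
    }
    # Only the accepted PDF is on disk; the rejected uploads never touched it.
    results["safe_dir_files"] = sorted(p.name for p in safe_dir.iterdir())
    return results
```

The point of `validate_then_save` is not the allowlist itself but that no rejection path ever leaves a file behind, and that the on-disk name is chosen by the server, so a client cannot name its upload web.config even if the extension check were later loosened.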
CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use it to gain computer administrator rights via unspecified means. | |||||
CVE-2021-37273 | 1 Chinatelecom | 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450 (EPON ONU) 3.0. The Tianyi Gateway is a hardware terminal of the "Optical Modem Smart Router" type. Attackers can use this vulnerability to restart the device repeatedly. | |||||
CVE-2021-37254 | 1 M-files | 1 M-files Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In M-Files Web versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain, without authentication, third-party component license key information on the server. | |||||
CVE-2021-37222 | 1 Rcdcap Project | 1 Rcdcap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | |||||
CVE-2021-37155 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. |
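The wolfSSL entry above is the classic OCSP binding mistake: a well-signed response that says "good" is only meaningful if its CertID is the one that was asked about. The following Python is an added example that models the check, not wolfSSL's own code. It builds the CertID the way RFC 6960 does (hash of the issuer's DER-encoded name and of the issuer's public key bytes, plus the serial) and fails closed when no SingleResponse matches; the issuer name and key bytes are constructed placeholders, and the `lenient_status` function is a hypothetical stand-in for the buggy behaviour.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class CertID:
    """The RFC 6960 CertID tuple that binds a request to a SingleResponse."""
    hash_alg: str
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial: int

    @classmethod
    def build(cls, issuer_name_der: bytes, issuer_key: bytes, serial: int,
              hash_alg: str = "sha1") -> "CertID":
        def digest(b: bytes) -> bytes:
            return hashlib.new(hash_alg, b).digest()
        return cls(hash_alg, digest(issuer_name_der), digest(issuer_key), serial)


@dataclass(frozen=True)
class SingleResponse:
    cert_id: CertID
    cert_status: str  # "good", "revoked" or "unknown"


class OcspMismatch(Exception):
    """Raised when the response carries no status for the certificate that was requested."""


def lenient_status(requested: CertID, responses: list[SingleResponse]) -> str:
    """Hypothetical bug pattern: take the first status without binding it to the request."""
    return responses[0].cert_status


def strict_status(requested: CertID, responses: list[SingleResponse]) -> str:
    """Fail closed: only a SingleResponse whose full CertID equals the request's may answer."""
    for single in responses:
        if single.cert_id == requested:
            return single.cert_status
    raise OcspMismatch(
        f"no SingleResponse for serial {requested.serial:#x}; response covers "
        + ", ".join(f"{s.cert_id.serial:#x}" for s in responses)
    )


def demo() -> dict:
    """Exercise both checkers against constructed responses and report the outcomes."""
    # Constructed placeholders standing in for the issuer's DER name and public key.
    issuer_name = b"CN=Example CA (constructed placeholder, not real DER)"
    issuer_key = bytes(range(32))
    asked = CertID.build(issuer_name, issuer_key, serial=0x1234)
    # The responder answers about a different certificate from the same issuer.
    other = CertID.build(issuer_name, issuer_key, serial=0x5678)
    responses = [SingleResponse(other, "good")]
    out = {"lenient": lenient_status(asked, responses)}
    try:
        strict_status(asked, responses)
        out["strict"] = "accepted"
    except OcspMismatch:
        out["strict"] = "rejected"
    # Same serial under a different issuer key must also fail: serial alone is not identity.
    spoofed = CertID.build(issuer_name, b"some other issuer key", serial=0x1234)
    try:
        strict_status(asked, [SingleResponse(spoofed, "good")])
        out["strict_other_issuer"] = "accepted"
    except OcspMismatch:
        out["strict_other_issuer"] = "rejected"
    # A multi-entry response is fine as long as the matching entry is the one consulted.
    out["strict_match"] = strict_status(
        asked, [SingleResponse(other, "good"), SingleResponse(asked, "revoked")]
    )
    return out
```

Comparing the whole CertID rather than the serial alone matters because serials are only unique per issuer; a responder for one CA can legitimately report "good" for a serial that, under a different CA, belongs to a revoked certificate.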