Total: 32365 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35225 | 1 Solarwinds | 1 Network Performance Monitor | 2024-11-21 | 5.5 MEDIUM | 5.0 MEDIUM |
Each authenticated Orion Platform user in an MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customers' infrastructure and potential data cross-contamination. | |||||
CVE-2021-35223 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 6.5 MEDIUM | 8.5 HIGH |
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. | |||||
CVE-2021-35219 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.0 MEDIUM | 6.0 MEDIUM |
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | |||||
CVE-2021-35063 | 3 Debian, Fedoraproject, Oisf | 3 Debian Linux, Fedora, Suricata | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." | |||||
CVE-2021-35053 | 2 Kaspersky, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | |||||
CVE-2021-34824 | 1 Istio | 1 Istio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | |||||
CVE-2021-34814 | 1 Proofpoint | 1 Spam Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | |||||
CVE-2021-34801 | 1 Valine.js | 1 Valine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. | |||||
CVE-2021-34691 | 2 Idrive, Linux | 2 Remotepc, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | |||||
CVE-2021-34683 | 1 Eic | 1 E-document System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. | |||||
CVE-2021-34682 | 1 Gov | 1 Imposto De Renda Da Pessoa Fisica 2021 | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | |||||
CVE-2021-34679 | 1 Thycotic | 1 Password Reset Server | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | |||||
CVE-2021-34629 | 1 Sendgrid | 1 Sendgrid | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8. | |||||
CVE-2021-34618 | 1 Aruba | 1 Aruba Instant | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2021-34579 | 1 Phoenixcontact | 1 Fl Mguard Dm | 2024-11-21 | N/A | 7.5 HIGH |
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. | |||||
CVE-2021-34534 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.1 MEDIUM | 6.8 MEDIUM |
Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
CVE-2021-34533 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||
CVE-2021-34532 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
ASP.NET Core and Visual Studio Information Disclosure Vulnerability | |||||
CVE-2021-34530 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Windows Graphics Component Remote Code Execution Vulnerability | |||||
CVE-2021-34529 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Visual Studio Code Remote Code Execution Vulnerability |