Total
34825 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | |||||
| CVE-2021-45842 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | |||||
| CVE-2021-45840 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | |||||
| CVE-2021-45839 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | |||||
| CVE-2021-45837 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | |||||
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | |||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | |||||
| CVE-2021-45809 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | |||||
| CVE-2021-45807 | 1 Jpress | 1 Jpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. | |||||
| CVE-2021-45789 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 6.5 MEDIUM |
| An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | |||||
| CVE-2021-45763 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | |||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | |||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | |||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | |||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | |||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | |||||
| CVE-2021-45705 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | |||||
| CVE-2021-45700 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. | |||||
| CVE-2021-45698 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. | |||||