Total
34804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43039 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | |||||
| CVE-2021-42952 | 1 Zepl | 1 Zepl | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. | |||||
| CVE-2021-42951 | 1 Algorithmia | 1 Msol | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | |||||
| CVE-2021-42950 | 1 Zepl | 1 Zepl | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. | |||||
| CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
| CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | |||||
| CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | |||||
| CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | |||||
| CVE-2021-42794 | 1 Aveva | 1 Edge | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. | |||||
| CVE-2021-42775 | 1 Broadcom | 1 Emulex Hba Manager | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42773 | 1 Broadcom | 1 Emulex Hba Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42766 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators. | |||||
| CVE-2021-42765 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions). | |||||
| CVE-2021-42764 | 1 Proof-of-stake Ethereum Project | 1 Proof-of-stake Ethereum | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain. | |||||
| CVE-2021-42575 | 2 Oracle, Owasp | 3 Middleware Common Libraries And Tools, Primavera Unifier, Java Html Sanitizer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | |||||
| CVE-2021-42323 | 1 Microsoft | 1 Azure Real Time Operating System | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Azure RTOS Information Disclosure Vulnerability | |||||
| CVE-2021-42316 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2021-42315 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42314 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42312 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||