Total
34804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40695 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 4.3 MEDIUM |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | |||||
| CVE-2021-40691 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 4.3 MEDIUM |
| A session hijack risk was identified in the Shibboleth authentication plugin. | |||||
| CVE-2021-40684 | 1 Talend | 1 Esb Runtime | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. | |||||
| CVE-2021-40643 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). | |||||
| CVE-2021-40612 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. | |||||
| CVE-2021-40567 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-40540 | 1 Ulfius Project | 1 Ulfius | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. | |||||
| CVE-2021-40532 | 1 Telegram | 1 Web K Alpha | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | |||||
| CVE-2021-40521 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | |||||
| CVE-2021-40498 | 1 Sap | 1 Successfactors Mobile | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks. | |||||
| CVE-2021-40495 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform. | |||||
| CVE-2021-40486 | 1 Microsoft | 6 Office, Office Online Server, Office Web Apps Server and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-40484 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-40483 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-40482 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-40481 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2021-40480 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2021-40479 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-40475 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-40474 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||