Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43955 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
|
|||||
| CVE-2021-43947 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
|
|||||
| CVE-2021-43908 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Visual Studio Code Spoofing Vulnerability
|
|||||
| CVE-2021-43907 | 1 Microsoft | 1 Windows Subsystem For Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43896 | 1 Microsoft | 1 Powershell | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Microsoft PowerShell Spoofing Vulnerability
|
|||||
| CVE-2021-43892 | 1 Microsoft | 1 Biztalk Esb Toolkit | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability
|
|||||
| CVE-2021-43891 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43889 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Microsoft Defender for IoT Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43888 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Microsoft Defender for IoT Information Disclosure Vulnerability
|
|||||
| CVE-2021-43883 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43880 | 1 Microsoft | 1 Windows 11 | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Windows Mobile Device Management Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43877 | 1 Microsoft | 3 Asp.net Core, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43876 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
|
Microsoft SharePoint Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43875 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43857 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
|
|||||
| CVE-2021-43850 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums is able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No work ...
|
|||||
| CVE-2021-43803 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.
|
|||||
| CVE-2021-43745 | 1 Trillium Notes Project | 1 Trillum Notes | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function.
|
|||||
| CVE-2021-43578 | 1 Jenkins | 1 Squash Tm Publisher | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
|
|||||
| CVE-2021-43565 | 1 Golang | 1 Ssh | 2024-11-21 | N/A | 7.5 HIGH |
|
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
|
|||||
| CVE-2021-43540 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.
|
|||||
| CVE-2021-43533 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.
|
|||||
| CVE-2021-43517 | 1 Foscam | 2 Fi9805e, Fi9805e Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens the Telnet port when a special command is sent on port 9530.
|
|||||
| CVE-2021-43479 | 1 Secretarycms | 1 The Secretary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
|
|||||
| CVE-2021-43478 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
|
|||||
| CVE-2021-43464 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
|
|||||
| CVE-2021-43413 | 1 Gnu | 1 Hurd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
|
|||||
| CVE-2021-43403 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
|
|||||
| CVE-2021-43396 | 2 Gnu, Oracle | 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security ...
|
|||||
| CVE-2021-43327 | 1 Renesas | 4 Rx65, Rx65 Firmware, Rx65n and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
|
|||||
| CVE-2021-43256 | 1 Microsoft | 6 365 Apps, Excel, Excel Rt and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-43255 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Microsoft Office Trust Center Spoofing Vulnerability
|
|||||
| CVE-2021-43248 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Digital Media Receiver Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43246 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.6 MEDIUM |
|
Windows Hyper-V Denial of Service Vulnerability
|
|||||
| CVE-2021-43245 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Digital TV Tuner Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-43244 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Windows Kernel Information Disclosure Vulnerability
|
|||||
| CVE-2021-43243 | 1 Microsoft | 1 Vp9 Video Extensions | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
VP9 Video Extensions Information Disclosure Vulnerability
|
|||||
| CVE-2021-43242 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2021-43240 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NTFS Set Short Name Elevation of Privilege Vulnerability
|
|||||