Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40455 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows Installer Spoofing Vulnerability
|
|||||
| CVE-2021-40453 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2021-40452 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2021-40448 | 1 Microsoft | 1 Accessibility Insights For Android | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
|
Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
|
|||||
| CVE-2021-40442 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-40441 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Media Center Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-40387 | 1 Kaseya | 1 Unitrends Backup Software | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.
|
|||||
| CVE-2021-40386 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2021-40385 | 1 Kaseya | 1 Unitrends Backup Software | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
|
|||||
| CVE-2021-40365 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
|
|||||
| CVE-2021-40347 | 1 Postorius Project | 1 Postorius | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
|
|||||
| CVE-2021-40330 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
|
|||||
| CVE-2021-40329 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
|
|||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
|
|||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
|
|||||
| CVE-2021-40171 | 1 Securitashome | 2 Securitashome Alarm System, Securitashome Alarm System Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system.
|
|||||
| CVE-2021-40147 | 1 Emtec | 1 Zoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
|
|||||
| CVE-2021-40146 | 1 Apache | 1 Any23 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.
|
|||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
|
|||||
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
|
|||||
| CVE-2021-40089 | 1 Primekey | 1 Ejbca | 2024-11-21 | 1.9 LOW | 2.3 LOW |
|
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run.
|
|||||
| CVE-2021-40085 | 2 Debian, Openstack | 2 Debian Linux, Neutron | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
|
|||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40063 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
|
|||||
| CVE-2021-40055 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
|
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
|
|||||
| CVE-2021-40051 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.
|
|||||
| CVE-2021-40046 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
|
|||||
| CVE-2021-40040 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
|
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
|
|||||
| CVE-2021-40034 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
|
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.
|
|||||
| CVE-2021-40033 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800.
|
|||||
| CVE-2021-40030 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
|
The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40024 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40023 | 1 Huawei | 1 Emui | 2024-11-21 | N/A | 7.5 HIGH |
|
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.
|
|||||
| CVE-2021-40022 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40016 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.
|
|||||
| CVE-2021-40012 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.
|
|||||
| CVE-2021-3897 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
|
|||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 7.0 HIGH |
|
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible ro ...
Show More |
|||||
| CVE-2021-3849 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
|
|||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||