Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40380 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials. | |||||
| CVE-2021-40339 | 1 Hitachi | 1 Linkone | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
| CVE-2021-40334 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | |||||
| CVE-2021-40130 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. | |||||
| CVE-2021-40128 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website. | |||||
| CVE-2021-40112 | 1 Cisco | 10 Catalyst Pon Switch Cgp-ont-1p, Catalyst Pon Switch Cgp-ont-1p Firmware, Catalyst Pon Switch Cgp-ont-4p and 7 more | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-40110 | 1 Apache | 1 James | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking. | |||||
| CVE-2021-40095 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems. | |||||
| CVE-2021-40044 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations. | |||||
| CVE-2021-40013 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity. | |||||
| CVE-2021-40005 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-3972 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
| CVE-2021-3971 | 1 Lenovo | 146 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 143 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | |||||
| CVE-2021-3967 | 1 Zulip | 1 Zulip | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | |||||
| CVE-2021-3837 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| openwhyd is vulnerable to Improper Authorization | |||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| inflect is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| prism is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3798 | 1 Opencryptoki Project | 1 Opencryptoki | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | |||||
| CVE-2021-3797 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| hestiacp is vulnerable to Use of Wrong Operator in String Comparison | |||||
| CVE-2021-3794 | 1 Vuelidate Project | 1 Vuelidate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| vuelidate is vulnerable to Inefficient Regular Expression Complexity | |||||