Total
35523 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45983 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 9.8 Critical |
| NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | ||||
| CVE-2021-45980 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 7.8 High |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. | ||||
| CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2024-11-21 | 9.8 Critical |
| JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | ||||
| CVE-2021-45915 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45914 | 1 Luxsoft | 1 Luxcal | 2024-11-21 | 9.8 Critical |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | ||||
| CVE-2021-45898 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | ||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | ||||
| CVE-2021-45842 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 7.5 High |
| It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | ||||
| CVE-2021-45840 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | ||||
| CVE-2021-45839 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.5 Medium |
| It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | ||||
| CVE-2021-45837 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 9.8 Critical |
| It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | ||||
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.8 High |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | ||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 7.5 High |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | ||||
| CVE-2021-45809 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 9.8 Critical |
| GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | ||||
| CVE-2021-45807 | 1 Jpress | 1 Jpress | 2024-11-21 | 9.8 Critical |
| jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. | ||||
| CVE-2021-45789 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 6.5 Medium |
| An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | ||||
| CVE-2021-45763 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | ||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | ||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | ||||