Total: 35513 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5.3 Medium |
| The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. | ||||
| CVE-2021-35225 | 1 Solarwinds | 1 Network Performance Monitor | 2024-11-21 | 5 Medium |
| Each authenticated Orion Platform user in an MSP (Managed Service Provider) environment can view and browse all NetPath Services from all of that MSP's customers. This can lead to any user having a limited insight into other customers' infrastructure and potential data cross-contamination. | ||||
| CVE-2021-35223 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 8.5 High |
| The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. | ||||
| CVE-2021-35219 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6 Medium |
| ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. | ||||
| CVE-2021-35063 | 3 Debian, Fedoraproject, Oisf | 3 Debian Linux, Fedora, Suricata | 2024-11-21 | 7.5 High |
| Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." | ||||
| CVE-2021-35053 | 2 Kaspersky, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.5 High |
| Possible system denial of service through arbitrary changes to Firefox browser parameters. An attacker could change a specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | ||||
| CVE-2021-34824 | 1 Istio | 1 Istio | 2024-11-21 | 8.8 High |
| Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | ||||
| CVE-2021-34814 | 1 Proofpoint | 1 Spam Engine | 2024-11-21 | 7.5 High |
| Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | ||||
| CVE-2021-34801 | 1 Valine.js | 1 Valine | 2024-11-21 | 5.3 Medium |
| Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. | ||||
| CVE-2021-34691 | 2 Idrive, Linux | 2 Remotepc, Linux Kernel | 2024-11-21 | 7.5 High |
| iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | ||||
| CVE-2021-34683 | 1 Eic | 1 E-document System | 2024-11-21 | 5.3 Medium |
| An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. | ||||
| CVE-2021-34682 | 1 Gov | 1 Imposto De Renda Da Pessoa Fisica 2021 | 2024-11-21 | 3.7 Low |
| Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | ||||
| CVE-2021-34679 | 1 Thycotic | 1 Password Reset Server | 2024-11-21 | 10 Critical |
| Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | ||||
| CVE-2021-34629 | 1 Sendgrid | 1 Sendgrid | 2024-11-21 | 4.3 Medium |
| The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file, which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8. | ||||
| CVE-2021-34618 | 1 Aruba | 1 Aruba Instant | 2024-11-21 | 6.5 Medium |
| A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | ||||
| CVE-2021-34534 | 1 Microsoft | 9 Windows 10, Windows 10 1507, Windows 10 1607 and 6 more | 2024-11-21 | 6.8 Medium |
| Windows MSHTML Platform Remote Code Execution Vulnerability | ||||
| CVE-2021-34533 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | ||||
| CVE-2021-34532 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2019, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2021-34530 | 1 Microsoft | 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more | 2024-11-21 | 7.8 High |
| Windows Graphics Component Remote Code Execution Vulnerability | ||||
| CVE-2021-34529 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||