Total: 2183 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45497 | 1 Netgear | 2 D7000, D7000 Firmware | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
CVE-2021-45496 | 1 Netgear | 2 D7000, D7000 Firmware | 2024-11-21 | 10.0 HIGH | 9.1 CRITICAL |
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
CVE-2021-45461 | 1 Sangoma | 3 Freepbx, Pbxact, Restapps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. | |||||
CVE-2021-45414 | 1 Datarobot | 1 Datarobot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | |||||
CVE-2021-45364 | 1 Statamic | 1 Statamic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product. | |||||
CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Stormshield Endpoint Security before 2.1.2 allows remote code execution. | |||||
CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc++ | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
MEPSAN's USC+ before version 3.0 has a weakness in its login function that lets attackers generate the passwords of high-privileged accounts. | |||||
CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | |||||
CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | |||||
CVE-2021-44596 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Wondershare LTD Dr. Fone, as of the 2021-12-06 version, is affected by remote code execution. Due to software design flaws, an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (which runs under SYSTEM privileges) and manipulate it from a remote location to execute a malicious executable without any validation, gaining SYSTEM privileges. | |||||
CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 9.1 CRITICAL |
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. | |||||
CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | |||||
CVE-2021-44486 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. | |||||
CVE-2021-44219 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | |||||
CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | |||||
CVE-2021-44087 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | |||||
CVE-2021-43907 | 1 Microsoft | 1 Windows Subsystem For Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Visual Studio Code WSL Extension Remote Code Execution Vulnerability | |||||
CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | |||||
CVE-2021-43857 | 1 Gerapy | 1 Gerapy | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. | |||||
CVE-2021-43517 | 1 Foscam | 2 Fi9805e, Fi9805e Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens the Telnet port when a special command is sent on port 9530. |