Total
7426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45646 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information. | |||||
| CVE-2021-45603 | 1 Netgear | 36 D7800, D7800 Firmware, Ex2700 and 33 more | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. | |||||
| CVE-2021-45493 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.6 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. | |||||
| CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2024-11-21 | N/A | 5.3 MEDIUM |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | |||||
| CVE-2021-45421 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced | |||||
| CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced | |||||
| CVE-2021-45310 | 1 Sangoma | 1 Switchvox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser. | |||||
| CVE-2021-45095 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | |||||
| CVE-2021-45038 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | |||||
| CVE-2021-44739 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | |||||
| CVE-2021-44702 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | |||||
| CVE-2021-44692 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses. | |||||
| CVE-2021-44534 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. | |||||
| CVE-2021-44172 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | |||||
| CVE-2021-44145 | 1 Apache | 1 Nifi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. | |||||
| CVE-2021-43963 | 1 Couchbase | 1 Sync Gateway | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) | |||||
| CVE-2021-43951 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43949 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43536 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | |||||