Total
29473 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42288 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
Windows Hello Security Feature Bypass Vulnerability | |||||
CVE-2021-42287 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
CVE-2021-42284 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2021-42278 | 1 Microsoft | 7 Windows Server 2004, Windows Server 2008, Windows Server 2012 and 4 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
CVE-2021-42274 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | |||||
CVE-2021-42252 | 2 Linux, Netapp | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | |||||
CVE-2021-42111 | 1 Rcdevs | 1 Openotp Token | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code. | |||||
CVE-2021-42110 | 1 Allegro | 1 Allegro | 2024-11-21 | 6.2 MEDIUM | 7.1 HIGH |
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | |||||
CVE-2021-42095 | 1 Netsarang | 1 Xshell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | |||||
CVE-2021-42093 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | |||||
CVE-2021-42087 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | |||||
CVE-2021-42086 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | |||||
CVE-2021-42002 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | |||||
CVE-2021-41972 | 1 Apache | 1 Superset | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. | |||||
CVE-2021-41874 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source. | |||||
CVE-2021-41873 | 1 Skyworth | 2 Penguin Aurora Box, Penguin Aurora Box Firmware | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. | |||||
CVE-2021-41872 | 1 Skyworthdigital | 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | |||||
CVE-2021-41869 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. |