Total
35291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27374 | 1 Vertigis | 1 Weboffice | 2024-11-21 | 7.5 High |
| VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation." | ||||
| CVE-2021-27363 | 4 Debian, Linux, Netapp and 1 more | 10 Debian Linux, Linux Kernel, Cloud Backup and 7 more | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | ||||
| CVE-2021-27358 | 3 Grafana, Netapp, Redhat | 4 Grafana, E-series Performance Analyzer, Acm and 1 more | 2024-11-21 | 7.5 High |
| The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | ||||
| CVE-2021-27235 | 1 Mutare | 1 Voice | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database. | ||||
| CVE-2021-27231 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 5.4 Medium |
| Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. | ||||
| CVE-2021-27223 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 5.5 Medium |
| A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS | ||||
| CVE-2021-27221 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.1 High |
| MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work | ||||
| CVE-2021-27220 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 5.3 Medium |
| An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server. | ||||
| CVE-2021-27191 | 1 Get-ip-range Project | 1 Get-ip-range | 2024-11-21 | 7.5 High |
| The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion. | ||||
| CVE-2021-27139 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. | ||||
| CVE-2021-27135 | 4 Debian, Fedoraproject, Invisible-island and 1 more | 5 Debian Linux, Fedora, Xterm and 2 more | 2024-11-21 | 9.8 Critical |
| xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | ||||
| CVE-2021-27112 | 1 Lightcms Project | 1 Lightcms | 2024-11-21 | 9.8 Critical |
| LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. | ||||
| CVE-2021-27096 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2021-27095 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Media Video Decoder Remote Code Execution Vulnerability | ||||
| CVE-2021-27094 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 4.4 Medium |
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | ||||
| CVE-2021-27093 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2021-27092 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 6.8 Medium |
| Azure AD Web Sign-in Security Feature Bypass Vulnerability | ||||
| CVE-2021-27091 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Server 2008 R2 and 1 more | 2024-11-21 | 7.8 High |
| RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-27090 | 1 Microsoft | 6 Windows 10, Windows 10 1809, Windows 10 20h2 and 3 more | 2024-11-21 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2021-27089 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | ||||