Total
35190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.8 High |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | ||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 7.5 High |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | ||||
| CVE-2021-45809 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 9.8 Critical |
| GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | ||||
| CVE-2021-45807 | 1 Jpress | 1 Jpress | 2024-11-21 | 9.8 Critical |
| jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. | ||||
| CVE-2021-45789 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 6.5 Medium |
| An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | ||||
| CVE-2021-45763 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | ||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | ||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | ||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | ||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | ||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | ||||
| CVE-2021-45705 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | ||||
| CVE-2021-45700 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.5 High |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. | ||||
| CVE-2021-45698 | 1 Nervos | 1 Ckb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. | ||||
| CVE-2021-45697 | 1 Nervos | 1 Molecule | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. | ||||
| CVE-2021-45695 | 1 Mopa Project | 1 Mopa | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. | ||||
| CVE-2021-45679 | 1 Netgear | 8 R6900p, R6900p Firmware, R7000 and 5 more | 2024-11-21 | 8.4 High |
| Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80. | ||||
| CVE-2021-45678 | 1 Netgear | 2 Rax200, Rax200 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. | ||||
| CVE-2021-45645 | 1 Netgear | 16 Rbs50y, Rbs50y Firmware, Src60 and 13 more | 2024-11-21 | 8.2 High |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122. | ||||