Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34696 1 Cisco 23 Asr 902, Asr 903, Asr 907 and 20 more 2024-11-21 5.8 Medium
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
CVE-2021-34693 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-34692 2 Idrive, Microsoft 2 Remotepc, Windows 2024-11-21 7.8 High
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
CVE-2021-34691 2 Idrive, Linux 2 Remotepc, Linux Kernel 2024-11-21 7.5 High
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
CVE-2021-34690 2 Idrive, Microsoft 2 Remotepc, Windows 2024-11-21 9.8 Critical
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.
CVE-2021-34689 2 Idrive, Microsoft 2 Remotepc, Windows 2024-11-21 5.5 Medium
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
CVE-2021-34688 2 Idrive, Microsoft 2 Remotepc, Windows 2024-11-21 3.3 Low
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
CVE-2021-34687 2 Idrive, Microsoft 2 Remotepc, Windows 2024-11-21 5.3 Medium
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.
CVE-2021-34685 1 Hitachi 1 Vantara Pentaho 2024-11-21 2.7 Low
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).
CVE-2021-34684 1 Hitachi 1 Vantara Pentaho 2024-11-21 9.8 Critical
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
CVE-2021-34683 1 Eic 1 E-document System 2024-11-21 5.3 Medium
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.
CVE-2021-34682 1 Gov 1 Imposto De Renda Da Pessoa Fisica 2021 2024-11-21 3.7 Low
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-34679 1 Thycotic 1 Password Reset Server 2024-11-21 10 Critical
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
CVE-2021-34676 1 Basixonline 1 Nex-forms 2024-11-21 7.5 High
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
CVE-2021-34675 1 Basixonline 1 Nex-forms 2024-11-21 7.5 High
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
CVE-2021-34637 1 Post Index Project 1 Post Index 2024-11-21 8.8 High
The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
CVE-2021-34635 1 Ays-pro 1 Poll Maker 2024-11-21 6.1 Medium
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.
CVE-2021-34634 1 Sola-newsletters Project 1 Sola-newsletters 2024-11-21 8.8 High
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.
CVE-2021-34633 1 Youtube Feeder Project 1 Youtube Feeder 2024-11-21 8.8 High
The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.
CVE-2021-34632 1 Seo Backlinks Project 1 Seo Backlinks 2024-11-21 8.8 High
The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.