Search Results (366296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43936 1 Webhmi 2 Webhmi, Webhmi Firmware 2024-11-21 10 Critical
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
CVE-2021-43935 1 Baxter 10 Welch Allyn Connex Cardio, Welch Allyn Diagnostic Cardiology Suite, Welch Allyn Hscribe Holter Analysis System and 7 more 2024-11-21 8.1 High
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
CVE-2021-43931 1 Webhmi 2 Webhmi, Webhmi Firmware 2024-11-21 9.8 Critical
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2021-43928 1 Synology 1 Mail Station 2024-11-21 9.9 Critical
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2021-43908 1 Microsoft 1 Visual Studio Code 2024-11-21 4.3 Medium
Visual Studio Code Spoofing Vulnerability
CVE-2021-43907 1 Microsoft 1 Windows Subsystem For Linux 2024-11-21 9.8 Critical
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
CVE-2021-43899 1 Microsoft 2 Wireless Display Adapter, Wireless Display Adapter Firmware 2024-11-21 9.8 Critical
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
CVE-2021-43896 1 Microsoft 2 Cbl Mariner, Powershell 2024-11-21 5.5 Medium
Microsoft PowerShell Spoofing Vulnerability
CVE-2021-43893 1 Microsoft 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more 2024-11-21 7.5 High
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CVE-2021-43892 1 Microsoft 1 Biztalk Esb Toolkit 2024-11-21 7.4 High
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability
CVE-2021-43891 1 Microsoft 1 Visual Studio Code 2024-11-21 7.8 High
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-43889 1 Microsoft 1 Defender For Iot 2024-11-21 7.2 High
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2021-43888 1 Microsoft 1 Defender For Iot 2024-11-21 7.5 High
Microsoft Defender for IoT Information Disclosure Vulnerability
CVE-2021-43883 1 Microsoft 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more 2024-11-21 7.8 High
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-43882 1 Microsoft 1 Defender For Iot 2024-11-21 9 Critical
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2021-43880 1 Microsoft 2 Windows 11, Windows 11 21h2 2024-11-21 5.5 Medium
Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2021-43877 1 Microsoft 3 Asp.net Core, Visual Studio 2019, Visual Studio 2022 2024-11-21 8.8 High
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
CVE-2021-43876 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2024-11-21 8.8 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-43862 1 Jquery.terminal Project 1 Jquery.terminal 2024-11-21 3.7 Low
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way).
CVE-2021-43861 1 Mermaid Project 1 Mermaid 2024-11-21 7.2 High
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.