Total
8770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45603 | 1 Netgear | 36 D7800, D7800 Firmware, Ex2700 and 33 more | 2024-08-04 | 6.1 Medium |
| Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. | ||||
| CVE-2021-45493 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2024-08-04 | 7.6 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. | ||||
| CVE-2021-45486 | 3 Linux, Oracle, Redhat | 6 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 3 more | 2024-08-04 | 3.5 Low |
| In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | ||||
| CVE-2021-45310 | 1 Sangoma | 1 Switchvox | 2024-08-04 | 5.3 Medium |
| Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser. | ||||
| CVE-2021-45095 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 5.5 Medium |
| pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | ||||
| CVE-2021-45038 | 1 Mediawiki | 1 Mediawiki | 2024-08-04 | 5.3 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | ||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2024-08-04 | 5.3 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | ||||
| CVE-2021-44717 | 4 Debian, Golang, Opengroup and 1 more | 10 Debian Linux, Go, Unix and 7 more | 2024-08-04 | 4.8 Medium |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | ||||
| CVE-2021-44692 | 1 Buddyboss | 1 Buddyboss | 2024-08-04 | 5.3 Medium |
| BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses. | ||||
| CVE-2021-44534 | 2024-08-04 | 6.5 Medium | ||
| Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. | ||||
| CVE-2021-44145 | 1 Apache | 1 Nifi | 2024-08-04 | 6.5 Medium |
| In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. | ||||
| CVE-2021-44141 | 3 Fedoraproject, Redhat, Samba | 4 Fedora, Enterprise Linux, Storage and 1 more | 2024-08-04 | 4.3 Medium |
| All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. | ||||
| CVE-2021-43938 | 1 Smartptt | 1 Scada Server | 2024-08-04 | 8.1 High |
| Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | ||||
| CVE-2021-43963 | 1 Couchbase | 1 Sync Gateway | 2024-08-04 | 8.1 High |
| An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) | ||||
| CVE-2021-43937 | 1 Smartptt | 1 Scada Server | 2024-08-04 | 7.6 High |
| Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | ||||
| CVE-2021-43792 | 1 Discourse | 1 Discourse | 2024-08-04 | 4.3 Medium |
| Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible. | ||||
| CVE-2021-43823 | 1 Sourcegraph | 1 Sourcegraph | 2024-08-04 | 6.5 Medium |
| Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors. | ||||
| CVE-2021-43536 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 6.5 Medium |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2024-08-04 | 7.5 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | ||||
| CVE-2021-42886 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | ||||