Latest CVE Feed
-
6.5
MEDIUM CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-import...
- Published: Feb. 15, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installa...
- Published: Feb. 15, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-43939
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.
Affected Products: smartptt_scada
- Published: Apr. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43938
Elcomplus SmartPTT SCADA Server is vulnerable because an unauthenticated user can request various files from the server without any authentication or authorization.
Affected Products: scada_server
- Published: Apr. 29, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-43937
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Affected Products: scada_server
- Published: Apr. 29, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43935
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without suppl...
Affected Products: welch_allyn_connex_cardio welch_allyn_diagnostic_cardiology_suite welch_allyn_rscribe_resting_ecg_system welch_allyn_vision_express_holter_analysis_system welch_allyn_hscribe_holter_analysis_system_firmware welch_allyn_q-stress_cardiac_stress_testing_system_firmware welch_allyn_xscribe_cardiac_stress_testing_system_firmware welch_allyn_hscribe_holter_analysis_system welch_allyn_q-stress_cardiac_stress_testing_system welch_allyn_xscribe_cardiac_stress_testing_system
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43934
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.
Affected Products: smartptt_scada
- Published: Apr. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-43933
The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.
Affected Products: roboguide
- Published: Apr. 20, 2022
- Modified: Nov. 21, 2024
-
9.0
CRITICAL CVE-2021-43932
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page.
Affected Products: smartptt_scada
- Published: Apr. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43931
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.
Affected Products: smartptt_scada
- Published: Apr. 28, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICAL CVE-2021-43928
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands...
Affected Products: mail_station
- Published: Feb. 07, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-43908
Visual Studio Code Spoofing Vulnerability
Affected Products: visual_studio_code
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-43907
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Affected Products: windows_subsystem_for_linux
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43899
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-43893
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2021-43892
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability
Affected Products: biztalk_esb_toolkit
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-43891
Visual Studio Code Remote Code Execution Vulnerability
Affected Products: visual_studio_code
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024