The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-28496 | On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train | MEDIUM | Oct 21, 2021 | n/a |
CVE-2021-28495 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System: All releases in the MOS-0.1x train; MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train | MEDIUM | Sep 9, 2021 | n/a |
CVE-2021-28494 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases | MEDIUM | Sep 9, 2021 | n/a |
CVE-2021-28493 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System: All releases in the MOS-0.1x train; MOS-0.32.0 and prior releases | MEDIUM | Sep 9, 2021 | n/a |
CVE-2021-28492 | Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | MEDIUM | Apr 20, 2021 | n/a |
CVE-2021-28490 | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | MEDIUM | Aug 20, 2021 | n/a |
CVE-2021-28488 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | MEDIUM | Mar 13, 2022 | n/a |
CVE-2021-28485 | In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. | -- | Sep 14, 2023 | n/a |
CVE-2021-28484 | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. | MEDIUM | Apr 14, 2021 | n/a |
CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | HIGH | Apr 14, 2021 | n/a |
CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | HIGH | Apr 14, 2021 | n/a |
CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | HIGH | Apr 14, 2021 | n/a |
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | HIGH | Apr 14, 2021 | n/a |
CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | LOW | May 14, 2021 | n/a |
CVE-2021-28478 | Microsoft SharePoint Server Spoofing Vulnerability | MEDIUM | May 11, 2021 | n/a |
CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 16, 2021 | n/a |
CVE-2021-28476 | Windows Hyper-V Remote Code Execution Vulnerability | MEDIUM | May 14, 2021 | n/a |
CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 16, 2021 | n/a |
CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | MEDIUM | May 13, 2021 | n/a |
CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 16, 2021 | n/a |
CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | MEDIUM | May 13, 2021 | n/a |
CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | LOW | May 11, 2021 | n/a |
CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | MEDIUM | Apr 14, 2021 | n/a |
CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | MEDIUM | May 11, 2021 | n/a |
CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2021 | n/a |
CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28450 | Microsoft SharePoint Denial of Service Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | LOW | Apr 13, 2021 | n/a |
CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | LOW | Apr 13, 2021 | n/a |
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | LOW | Apr 13, 2021 | n/a |
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | MEDIUM | Apr 13, 2021 | n/a |
CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | LOW | Apr 13, 2021 | n/a |
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | MEDIUM | Apr 13, 2021 | n/a |