Total
9855 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3176 | 1 Mitel | 1 Businesscti Enterprise | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data. | |||||
| CVE-2021-3048 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted. | |||||
| CVE-2021-3028 | 1 Git-big-picture Project | 1 Git-big-picture | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. | |||||
| CVE-2021-39932 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. | |||||
| CVE-2021-39778 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138 | |||||
| CVE-2021-39771 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951 | |||||
| CVE-2021-39764 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995 | |||||
| CVE-2021-39763 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-199176115 | |||||
| CVE-2021-39740 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112 | |||||
| CVE-2021-39701 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-212286849 | |||||
| CVE-2021-39676 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 | |||||
| CVE-2021-39220 | 1 Nextcloud | 1 Mail | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-39186 | 1 Miraheze | 1 Globalnewfiles | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible. | |||||
| CVE-2021-38985 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38973 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38972 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38957 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | |||||
| CVE-2021-38910 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | |||||
| CVE-2021-38485 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | |||||
| CVE-2021-38455 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 4.0 MEDIUM | 7.3 HIGH |
| The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. | |||||