Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33840 | 1 Luca-app | 1 Luca | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. | |||||
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | |||||
| CVE-2021-32665 | 1 Wire | 1 Wire | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
| wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation. | |||||
| CVE-2021-31783 | 1 Piwigo | 1 Localfiles Editor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | |||||
| CVE-2021-30005 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. | |||||
| CVE-2021-29963 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | |||||
| CVE-2021-29462 | 1 Pupnp Project | 1 Pupnp | 2024-11-21 | 7.5 HIGH | 7.6 HIGH |
| The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. | |||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | |||||
| CVE-2021-28678 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. | |||||
| CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2024-11-21 | 4.3 MEDIUM | 2.3 LOW |
| This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | |||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | |||||
| CVE-2021-26610 | 2 Microsoft, Nhn-commerce | 2 Windows, Godomall5 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | |||||
| CVE-2021-26608 | 2 Handysoft, Microsoft | 2 Hshell, Windows | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | |||||
| CVE-2021-26396 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | |||||
| CVE-2021-26368 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | |||||
| CVE-2021-26315 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used. | |||||
| CVE-2021-26103 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.1 MEDIUM | 6.3 MEDIUM |
| An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. | |||||
| CVE-2021-24825 | 1 Custom Content Shortcode Project | 1 Custom Content Shortcode | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed) | |||||
| CVE-2021-23998 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||