Total
496 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42145 | 1 Contiki-ng | 1 Tinydtls | 2024-11-21 | N/A | 7.5 HIGH |
| An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. | |||||
| CVE-2021-42142 | 1 Contiki-ng | 1 Tinydtls | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. | |||||
| CVE-2021-42141 | 1 Contiki-ng | 1 Tinydtls | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. | |||||
| CVE-2021-40391 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-3127 | 1 Nats | 2 Jwt Library, Nats Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||||
| CVE-2021-3063 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue. | |||||
| CVE-2021-3053 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. | |||||
| CVE-2021-39659 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659 | |||||
| CVE-2021-39242 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled. | |||||
| CVE-2021-39187 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. | |||||
| CVE-2021-39157 | 1 Detect-character-encoding Project | 1 Detect-character-encoding | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue. | |||||
| CVE-2021-39131 | 1 Ced Project | 1 Ced | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a `Buffer` using `Buffer.isBuffer(obj)`. | |||||
| CVE-2021-38384 | 1 Serverless Offline Project | 1 Serverless Offline | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | |||||
| CVE-2021-38363 | 1 Opennetworking | 1 Onos | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process. | |||||
| CVE-2021-38003 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37851 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | |||||
| CVE-2021-37786 | 1 Bag | 1 Covid Certificate | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code. | |||||
| CVE-2021-37175 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. | |||||
| CVE-2021-37118 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak. | |||||
| CVE-2021-37078 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. | |||||