Total
29063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30531 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30503 | 1 Glsl Linting Project | 1 Glsl Linting | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. | |||||
| CVE-2021-30349 | 1 Qualcomm | 282 Aqt1000, Aqt1000 Firmware, Ar8031 and 279 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30344 | 1 Qualcomm | 294 Apq8009w, Apq8009w Firmware, Apq8017 and 291 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30276 | 1 Qualcomm | 116 Ar8035, Ar8035 Firmware, Qca6390 and 113 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
| Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | |||||
| CVE-2021-30192 | 1 Codesys | 1 V2 Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | |||||
| CVE-2021-30162 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). | |||||
| CVE-2021-30132 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. | |||||
| CVE-2021-30127 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. | |||||
| CVE-2021-29975 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29973 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29957 | 1 Mozilla | 1 Thunderbird | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. | |||||
| CVE-2021-29921 | 2 Oracle, Python | 6 Communications Cloud Native Core Automated Test Suite, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Slice Selection Function and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. | |||||
| CVE-2021-29799 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738. | |||||
| CVE-2021-29779 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. | |||||
| CVE-2021-29758 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169. | |||||
| CVE-2021-29659 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance. | |||||
| CVE-2021-29658 | 1 Vscode-rufo Project | 1 Vscode-rufo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder. | |||||
| CVE-2021-29487 | 1 Octobercms | 1 October | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5. | |||||