Total
29062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4234 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack. | |||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A | 4.3 MEDIUM |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | |||||
| CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 4.4 MEDIUM |
| A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | |||||
| CVE-2021-4119 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| bookstack is vulnerable to Improper Access Control | |||||
| CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | |||||
| CVE-2021-4106 | 1 Snowsoftware | 1 Snow Inventory Java Scanner | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 | |||||
| CVE-2021-4105 | 1 Bg-tek | 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | |||||
| CVE-2021-4016 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. | |||||
| CVE-2021-47624 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", the function simply returns -EINVAL and forgets to decrease the reference count of a rpc_xprt object and a rpc_xprt_switch object increased by rpc_sysfs_xprt_kobj_get_xprt() and rpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of both unused objects. Fix this issue by jumping to the error handling path labelled with out_put when buf matches none of "offline", "online" or "remove". | |||||
| CVE-2021-46914 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pci_disable_device() called in __ixgbe_shutdown() decreases dev->enable_cnt by 1. pci_enable_device_mem() which increases dev->enable_cnt by 1, was removed from ixgbe_resume() in commit 6f82b2558735 ("ixgbe: use generic power management"). This caused unbalanced increase/decrease. So add pci_enable_device_mem() back. Fix the following call trace. ixgbe 0000:17:00.1: disabling already-disabled device Call Trace: __ixgbe_shutdown+0x10a/0x1e0 [ixgbe] ixgbe_suspend+0x32/0x70 [ixgbe] pci_pm_suspend+0x87/0x160 ? pci_pm_freeze+0xd0/0xd0 dpm_run_callback+0x42/0x170 __device_suspend+0x114/0x460 async_suspend+0x1f/0xa0 async_run_entry_fn+0x3c/0xf0 process_one_work+0x1dd/0x410 worker_thread+0x34/0x3f0 ? cancel_delayed_work+0x90/0x90 kthread+0x14c/0x170 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 | |||||
| CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | |||||
| CVE-2021-46887 | 1 Huawei | 1 Emui | 2024-11-21 | N/A | 9.8 CRITICAL |
| Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-46419 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. | |||||
| CVE-2021-46418 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | |||||
| CVE-2021-46304 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. | |||||
| CVE-2021-46270 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | |||||
| CVE-2021-46167 | 1 Wizplat | 2 Pd065, Pd065 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | |||||
| CVE-2021-45896 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | |||||
| CVE-2021-45730 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 4.0 MEDIUM | 6.0 MEDIUM |
| JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | |||||
| CVE-2021-45729 | 1 Srmilon | 1 Wp Google Map | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | |||||