Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38492 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. | |||||
| CVE-2021-38501 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | |||||
| CVE-2020-14384 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbossweb | 2021-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2018-6125 | 1 Google | 1 Chrome | 2021-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | |||||
| CVE-2020-12928 | 1 Amd | 1 Ryzen Master | 2021-11-04 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. | |||||
| CVE-2021-36794 | 1 Siren | 1 Investigate | 2021-11-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. | |||||
| CVE-2021-30837 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2021-11-04 | 9.3 HIGH | 7.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30677 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-11-03 | 4.6 MEDIUM | 8.8 HIGH |
| This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. | |||||
| CVE-2019-9141 | 1 Imgtech | 1 Zoneplayer | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. | |||||
| CVE-2019-6742 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477. | |||||
| CVE-2019-7619 | 1 Elastic | 1 Elasticsearch | 2021-11-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. | |||||
| CVE-2019-19163 | 1 Commax | 1 Cdp-1020mb Firmware | 2021-11-03 | 5.8 MEDIUM | 8.8 HIGH |
| A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL. | |||||
| CVE-2021-30813 | 1 Apple | 1 Macos | 2021-11-03 | 2.1 LOW | 6.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS. | |||||
| CVE-2020-18439 | 1 Phpok | 1 Phpok | 2021-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | |||||
| CVE-2019-17326 | 1 Clipsoft | 1 Rexpert | 2021-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2021-29875 | 1 Ibm | 1 Infosphere Information Server | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572. | |||||
| CVE-2021-41194 | 1 Jupyterhub | 1 First Use Authenticator | 2021-11-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs. | |||||
| CVE-2021-29213 | 1 Hpe | 6 Proliant Dl20 Gen10 Server, Proliant Dl20 Gen10 Server Firmware, Proliant Microserver Gen10 Plus and 3 more | 2021-11-02 | 7.2 HIGH | 6.7 MEDIUM |
| A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity. | |||||
| CVE-2019-3936 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | |||||
| CVE-2019-16023 | 1 Cisco | 20 Asr 9000, Asr 9010, Asr 9904 and 17 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2021-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | |||||
| CVE-2021-24781 | 1 Imagesourcecontrol | 1 Image Source Control | 2021-11-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit) | |||||
| CVE-2015-0272 | 4 Canonical, Gnome, Oracle and 1 more | 9 Ubuntu Linux, Networkmanager, Linux and 6 more | 2021-11-02 | 5.0 MEDIUM | N/A |
| GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | |||||
| CVE-2021-30817 | 1 Apple | 1 Macos | 2021-11-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with. | |||||
| CVE-2021-30821 | 1 Apple | 2 Mac Os X, Macos | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-23546 | 1 Irfanview | 1 Irfanview | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. | |||||
| CVE-2021-1821 | 1 Apple | 2 Macos, Watchos | 2021-11-02 | 7.1 HIGH | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service. | |||||
| CVE-2021-37915 | 1 Grandstream | 2 Ht801, Ht801 Firmware | 2021-11-02 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. | |||||
| CVE-2021-30896 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-11-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data. | |||||
| CVE-2021-22403 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 10.0 HIGH | 9.8 CRITICAL |
| There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. | |||||
| CVE-2021-22436 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-30908 | 1 Apple | 1 Macos | 2021-11-02 | 1.9 LOW | 3.3 LOW |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen. | |||||
| CVE-2021-22456 | 1 Huawei | 1 Harmonyos | 2021-11-02 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | |||||
| CVE-2021-30915 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-11-02 | 2.1 LOW | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field. | |||||
| CVE-2020-23549 | 1 Irfanview | 1 Irfanview | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". | |||||
| CVE-2021-22472 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22481 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22483 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS. | |||||
| CVE-2021-22485 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22486 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-36988 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. | |||||
| CVE-2021-36995 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. | |||||
| CVE-2021-36996 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of certain virtual information. | |||||
| CVE-2021-36997 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly. | |||||
| CVE-2021-37001 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified. | |||||
| CVE-2021-36998 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds. | |||||
| CVE-2021-22407 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-41872 | 1 Skyworthdigital | 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | |||||
| CVE-2021-30882 | 1 Apple | 3 Ipad Os, Iphone Os, Watchos | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call. | |||||
| CVE-2021-30863 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-11-01 | 4.6 MEDIUM | 6.8 MEDIUM |
| This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 15 and iPadOS 15. A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID. | |||||