Total
10494 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20569 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | |||||
| CVE-2021-20496 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | |||||
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
| CVE-2021-20329 | 1 Mongodb | 1 Go Driver | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0. | |||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20273 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | |||||
| CVE-2021-20252 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | |||||
| CVE-2021-1970 | 1 Qualcomm | 236 Apq8053, Apq8053 Firmware, Aqt1000 and 233 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-1969 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1968 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1965 | 1 Qualcomm | 252 Aqt1000, Aqt1000 Firmware, Ar9380 and 249 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1960 | 1 Qualcomm | 276 Aqt1000, Aqt1000 Firmware, Ar8031 and 273 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1807 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | |||||
| CVE-2021-1748 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2021-1602 | 1 Cisco | 6 Small Business Rv160, Small Business Rv160w, Small Business Rv260 and 3 more | 2024-11-21 | 10.0 HIGH | 8.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. | |||||
| CVE-2021-1588 | 1 Cisco | 67 Nexus 3000, Nexus 3048, Nexus 31108pc-v and 64 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. | |||||
| CVE-2021-1570 | 1 Cisco | 1 Jabber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1569 | 1 Cisco | 1 Jabber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1562 | 1 Cisco | 1 Broadworks Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. | |||||