Total
29457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45477 | 1 Yordam | 1 Library Automation System | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
| CVE-2021-45338 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. | |||||
| CVE-2021-45289 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. | |||||
| CVE-2021-45115 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | |||||
| CVE-2021-45092 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | |||||
| CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | |||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.3 LOW | 5.2 MEDIUM |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | |||||
| CVE-2021-45074 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 5.5 MEDIUM | 4.3 MEDIUM |
| JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. | |||||
| CVE-2021-44903 | 1 Msi | 1 Center Pro | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-44901 | 1 Msi | 1 Dragon Center | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-44900 | 1 Msi | 1 App Player | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-44899 | 1 Msi | 1 Center | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-44886 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. | |||||
| CVE-2021-44877 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed. | |||||
| CVE-2021-44852 | 1 Biostar | 1 Racing Gt Evo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000. | |||||
| CVE-2021-44838 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies. | |||||
| CVE-2021-44837 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk. | |||||
| CVE-2021-44776 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2024-11-21 | 6.6 MEDIUM | 8.4 HIGH |
| Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
| CVE-2021-44714 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 4.3 MEDIUM | 2.5 LOW |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file. | |||||