Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40013 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity. | |||||
| CVE-2021-40005 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-3972 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
| CVE-2021-3971 | 1 Lenovo | 146 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 143 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | |||||
| CVE-2021-3967 | 1 Zulip | 1 Zulip | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | |||||
| CVE-2021-3837 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| openwhyd is vulnerable to Improper Authorization | |||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| inflect is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| prism is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3798 | 1 Opencryptoki Project | 1 Opencryptoki | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | |||||
| CVE-2021-3797 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| hestiacp is vulnerable to Use of Wrong Operator in String Comparison | |||||
| CVE-2021-3794 | 1 Vuelidate Project | 1 Vuelidate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| vuelidate is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3793 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. | |||||
| CVE-2021-3777 | 1 Tmpl Project | 1 Tmpl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3747 | 2 Apple, Canonical | 2 Macos, Multipass | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | |||||
| CVE-2021-3716 | 2 Nbdkit Project, Redhat | 2 Nbdkit, Enterprise Linux | 2024-11-21 | 3.5 LOW | 3.1 LOW |
| A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3707 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. | |||||
| CVE-2021-3652 | 1 Port389 | 1 389-ds-base | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled. | |||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| chatwoot is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3616 | 1 Lenovo | 6 Smart Camera C2e, Smart Camera C2e Firmware, Smart Camera X3 and 3 more | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
| A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. | |||||
| CVE-2021-3554 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | |||||