Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33713 | 1 Siemens | 1 Jt Utilities | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2021-33689 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. | |||||
| CVE-2021-33677 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | |||||
| CVE-2021-33629 | 1 Openeuler | 1 Isula-build | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. | |||||
| CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2024-11-21 | 1.2 LOW | 2.5 LOW |
| URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33593 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. | |||||
| CVE-2021-33592 | 1 Naver | 1 Toolbar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | |||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2021-33577 | 1 Cleo | 1 Lexicom | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. | |||||
| CVE-2021-33538 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-33516 | 1 Gnome | 1 Gupnp | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | |||||
| CVE-2021-33504 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Couchbase Server before 7.1.0 has Incorrect Access Control. | |||||
| CVE-2021-33393 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. | |||||
| CVE-2021-33360 | 1 Stoqey | 1 Gnuplot | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | |||||
| CVE-2021-33216 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||||
| CVE-2021-33164 | 1 Intel | 8 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 5 more | 2024-11-21 | N/A | 8.2 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33118 | 1 Intel | 1 Serial Io Driver For Intel Nuc 11 Gen | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33104 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | |||||