Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34401 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service. | |||||
| CVE-2021-34273 | 1 B2x Project | 1 B2x | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-34272 | 1 Robotbtc Project | 1 Robotbtc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | |||||
| CVE-2021-34170 | 1 Fromsoftware | 1 Dark Souls Iii | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | |||||
| CVE-2021-33723 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. | |||||
| CVE-2021-33713 | 1 Siemens | 1 Jt Utilities | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2021-33689 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. | |||||
| CVE-2021-33677 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | |||||
| CVE-2021-33629 | 1 Openeuler | 1 Isula-build | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. | |||||
| CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2024-11-21 | 1.2 LOW | 2.5 LOW |
| URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33593 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. | |||||
| CVE-2021-33592 | 1 Naver | 1 Toolbar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | |||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2021-33577 | 1 Cleo | 1 Lexicom | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. | |||||
| CVE-2021-33538 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-33516 | 1 Gnome | 1 Gupnp | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | |||||
| CVE-2021-33504 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Couchbase Server before 7.1.0 has Incorrect Access Control. | |||||