Total: 32421 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42001 | 1 Pingidentity | 1 Pingid Desktop | 2024-11-21 | 4.0 MEDIUM | 8.0 HIGH |
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | |||||
CVE-2021-41972 | 1 Apache | 1 Superset | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Superset up to and including 1.3.1 allowed database connection passwords to leak to authenticated users. This information could be accessed in a non-trivial way. | |||||
CVE-2021-41873 | 1 Skyworth | 2 Penguin Aurora Box, Penguin Aurora Box Firmware | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. | |||||
CVE-2021-41872 | 1 Skyworthdigital | 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | |||||
CVE-2021-41869 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | |||||
CVE-2021-41868 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||||
CVE-2021-41867 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. | |||||
CVE-2021-41865 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6. | |||||
CVE-2021-41861 | 1 Telegram | 1 Telegram | 2024-11-21 | 2.1 LOW | 3.3 LOW |
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | |||||
CVE-2021-41842 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. | |||||
CVE-2021-41795 | 1 1password | 1 1password | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) | |||||
CVE-2021-41599 | 1 Github | 1 Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
CVE-2021-41594 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. | |||||
CVE-2021-41590 | 1 Gradle | 1 Enterprise | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment. | |||||
CVE-2021-41562 | 1 Snowsoftware | 1 Snow Inventory Agent | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. | |||||
CVE-2021-41558 | 1 Set User Project | 1 Set User | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. | |||||
CVE-2021-41545 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into an “out of work” state and could result in the controller going into a “factory reset” state. | |||||
CVE-2021-41532 | 1 Apache | 1 Ozone | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. | |||||
CVE-2021-41526 | 1 Flexera | 1 Revenera Installshield | 2024-11-21 | N/A | 7.8 HIGH |
A vulnerability has been reported in the Windows installer (MSI) built with an InstallScript custom action. This vulnerability may allow privilege escalation when ‘repair’ is invoked on an MSI which has an InstallScript custom action. | |||||
CVE-2021-41525 | 1 Flexera | 1 Flexnet Inventory Agent And Beacon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue related to modification of otherwise restricted files by a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. | |||||