Total
32419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39237 | 1 Hp | 3 Futuresmart 3, Futuresmart 4, Futuresmart 5 | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. | |||||
| CVE-2021-39230 | 1 Butter Project | 1 Butter | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
| Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds. | |||||
| CVE-2021-39224 | 1 Nextcloud | 1 Officeonline | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings. | |||||
| CVE-2021-39223 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
| Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings. | |||||
| CVE-2021-39211 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. | |||||
| CVE-2021-39203 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release. | |||||
| CVE-2021-39125 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | |||||
| CVE-2021-39123 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0. | |||||
| CVE-2021-39122 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | |||||
| CVE-2021-39121 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | |||||
| CVE-2021-39118 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. | |||||
| CVE-2021-39116 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | |||||
| CVE-2021-39088 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111. | |||||
| CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
| CVE-2021-39072 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581. | |||||
| CVE-2021-39070 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. | |||||
| CVE-2021-39056 | 1 Ibm | 1 I | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. | |||||
| CVE-2021-39053 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524. | |||||
| CVE-2021-39052 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. | |||||
| CVE-2021-39041 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. | |||||