Total
32365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33205 | 1 Westerndigital | 1 Edgerover | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. | |||||
| CVE-2021-33204 | 1 Pgxn | 1 Pg Partman | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. | |||||
| CVE-2021-33198 | 1 Golang | 1 Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |||||
| CVE-2021-33012 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 Firmware | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. | |||||
| CVE-2021-32958 | 1 Claroty | 1 Secure Remote Access | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation. | |||||
| CVE-2021-32787 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading. | |||||
| CVE-2021-32695 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
| Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. | |||||
| CVE-2021-32646 | 1 Dav-cogs Project | 1 Dav-cogs | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
| Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the ``manage channel`` permissions in a private VC they have joined. This allowed them to make changes to or delete the voice channel they have taken over. The exploit does not allow access or control to any other channels in the server. Upgrade to version 1.0.1 for a patched version of the cog. As a workaround you may disable private VCs in your guild(server) or unload the roomer cog to render the exploit unusable. | |||||
| CVE-2021-32608 | 1 Smartstore | 1 Smartstore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. | |||||
| CVE-2021-32607 | 1 Smartstore | 1 Smartstore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. | |||||
| CVE-2021-32575 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | |||||
| CVE-2021-32560 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. | |||||
| CVE-2021-32546 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it). | |||||
| CVE-2021-32497 | 1 Sick | 1 Sopas Engineering Tool | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
| SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. | |||||
| CVE-2021-32473 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected | |||||
| CVE-2021-32234 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | |||||
| CVE-2021-32198 | 1 Emtec | 1 Zoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change. | |||||
| CVE-2021-32028 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-32023 | 1 Blackberry | 1 Protect | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system. | |||||
| CVE-2021-32022 | 1 Blackberry | 1 Protect | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system. | |||||