Total
32365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31906 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. | |||||
| CVE-2021-31905 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. | |||||
| CVE-2021-31900 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. | |||||
| CVE-2021-31899 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. | |||||
| CVE-2021-31897 | 1 Jetbrains | 1 Webstorm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. | |||||
| CVE-2021-31874 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | |||||
| CVE-2021-31865 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | |||||
| CVE-2021-31864 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. | |||||
| CVE-2021-31857 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | |||||
| CVE-2021-31839 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
| Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. | |||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 3.6 LOW | 5.6 MEDIUM |
| Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. | |||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. | |||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. | |||||
| CVE-2021-31693 | 1 Vmware | 1 Tools | 2024-11-21 | N/A | 6.5 MEDIUM |
| The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | |||||
| CVE-2021-31613 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. | |||||
| CVE-2021-31612 | 1 Zh-jieli | 24 Ac6901, Ac6901 Firmware, Ac6902 and 21 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet. | |||||
| CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | |||||
| CVE-2021-31609 | 1 Silabs | 2 Iwrap, Wt32i-a | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. | |||||
| CVE-2021-31585 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | |||||
| CVE-2021-31559 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | |||||