Total
32365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31518 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517. | |||||
| CVE-2021-31517 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518. | |||||
| CVE-2021-31414 | 1 Rpm Spec Project | 1 Rpm Spec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. | |||||
| CVE-2021-31381 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. | |||||
| CVE-2021-31380 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. | |||||
| CVE-2021-31374 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO. | |||||
| CVE-2021-31371 | 1 Juniper | 6 Junos, Qfx5100, Qfx5110 and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; | |||||
| CVE-2021-31349 | 1 Juniper | 2 128 Technology Session Smart Router, 128 Technology Session Smart Router Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1. | |||||
| CVE-2021-31232 | 1 Linuxfoundation | 1 Cortex | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-31231 | 1 Grafana | 1 Enterprise Metrics | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-31225 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31224 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 3.5 LOW |
| SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | |||||
| CVE-2021-31223 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31222 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31221 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31220 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.3 LOW | 5.2 MEDIUM |
| SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | |||||
| CVE-2021-31215 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | |||||
| CVE-2021-31214 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-31213 | 1 Microsoft | 1 Remote | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-31211 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||