Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2001 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2021-2000 | 1 Oracle | 1 Database Server | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2021-29993 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92. | |||||
| CVE-2021-29983 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91. | |||||
| CVE-2021-29981 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2021-29978 | 1 Mozilla | 1 Mozilla Vpn | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3. | |||||
| CVE-2021-29974 | 1 Mozilla | 1 Firefox | 2024-11-21 | 2.6 LOW | 4.3 MEDIUM |
| When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29923 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | |||||
| CVE-2021-29922 | 1 Rust-lang | 1 Rust | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. | |||||
| CVE-2021-29908 | 1 Ibm | 2 Ts7700, Ts7700 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | |||||
| CVE-2021-29906 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. | |||||
| CVE-2021-29899 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. | |||||
| CVE-2021-29880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. | |||||
| CVE-2021-29875 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572. | |||||
| CVE-2021-29873 | 1 Ibm | 12 Flashsystem 9000, Flashsystem 9000 Firmware, Flashsystem 9100 and 9 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. | |||||
| CVE-2021-29867 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. | |||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
| CVE-2021-29861 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. | |||||
| CVE-2021-29860 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. | |||||
| CVE-2021-29859 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. | |||||