Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29141 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29138 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29133 | 1 Haserl Project | 1 Haserl | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. | |||||
| CVE-2021-29082 | 1 Netgear | 26 Rbk752, Rbk752 Firmware, Rbk753 and 23 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2021-29067 | 1 Netgear | 26 Rbk752, Rbk752 Firmware, Rbk753 and 23 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | |||||
| CVE-2021-29066 | 1 Netgear | 10 Rbk852, Rbk852 Firmware, Rbk853 and 7 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-29065 | 1 Netgear | 2 Rbr850, Rbr850 Firmware | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. | |||||
| CVE-2021-29041 | 1 Liferay | 1 Dxp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret. | |||||
| CVE-2021-28962 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | |||||
| CVE-2021-28956 | 1 Sass Lint Project | 1 Sass Lint | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-28938 | 1 Siren | 1 Federate | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges. | |||||
| CVE-2021-28899 | 1 Live555 | 1 Streaming Media | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. | |||||
| CVE-2021-28847 | 1 Mobatek | 1 Mobaxterm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. | |||||
| CVE-2021-28834 | 3 Debian, Fedoraproject, Kramdown Project | 3 Debian Linux, Fedora, Kramdown | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | |||||
| CVE-2021-28832 | 1 Vim Project | 1 Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. | |||||
| CVE-2021-28830 | 1 Tibco | 4 Enterprise Runtime For R, Spotfire Analytics Platform, Spotfire Server and 1 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. | |||||
| CVE-2021-28818 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. | |||||
| CVE-2021-28794 | 1 Shellcheck Project | 1 Shellcheck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. | |||||
| CVE-2021-28792 | 1 Swift Development Environment Project | 1 Swift Development Environment | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. | |||||
| CVE-2021-28790 | 1 Swiftlint Project | 1 Swiftlint | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. | |||||