Total: 32325 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26734 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 4.4 MEDIUM |
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | |||||
CVE-2021-26717 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. | |||||
CVE-2021-26701 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
.NET Core Remote Code Execution Vulnerability | |||||
CVE-2021-26688 | 2 Google, Lg | 2 Android, Wing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). | |||||
CVE-2021-26687 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021). | |||||
CVE-2021-26677 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. | |||||
CVE-2021-26676 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | |||||
CVE-2021-26614 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 10.0 HIGH | 7.5 HIGH |
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command. | |||||
CVE-2021-26588 | 1 Hpe | 19 3par Os, 3par Storeserv 10400, 3par Storeserv 10800 and 16 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability completely impacts the confidentiality, integrity, and availability of the array. HPE has made the following software updates and mitigation information available to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware. | |||||
CVE-2021-26586 | 1 Hp | 1 Edgeline Infrastructure Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM). | |||||
CVE-2021-26585 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. | |||||
CVE-2021-26583 | 1 Hp | 1 Ilo Amplifier Pack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution. | |||||
CVE-2021-26581 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later. | |||||
CVE-2021-26540 | 1 Apostrophecms | 1 Sanitize-html | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to using an src value that starts with "/\\example.com". | |||||
CVE-2021-26539 | 1 Apostrophecms | 1 Sanitize-html | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDN), which could allow an attacker to bypass the hostname whitelist validation set by the "allowedIframeHostnames" option. | |||||
CVE-2021-26471 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands. | |||||
CVE-2021-26444 | 1 Microsoft | 1 Azure Real Time Operating System | 2024-11-21 | 1.9 LOW | 3.3 LOW |
Azure RTOS Information Disclosure Vulnerability | |||||
CVE-2021-26443 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||
CVE-2021-26442 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
Windows HTTP.sys Elevation of Privilege Vulnerability | |||||
CVE-2021-26439 | 2 Google, Microsoft | 2 Android, Edge | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
Microsoft Edge for Android Information Disclosure Vulnerability |