Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23371 | 1 Chrono-node Project | 1 Chrono-node | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | |||||
| CVE-2021-23370 | 1 Swiperjs | 1 Swiper | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| This affects the package swiper before 6.5.1. | |||||
| CVE-2021-23369 | 1 Handlebarsjs | 1 Handlebars | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
| The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | |||||
| CVE-2021-23368 | 1 Postcss | 1 Postcss | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | |||||
| CVE-2021-23353 | 1 Parall | 1 Jspdf | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. | |||||
| CVE-2021-23351 | 2 Fedoraproject, Go-proxyproto Project | 2 Fedora, Go-proxyproto | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
| The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code - and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers. | |||||
| CVE-2021-23343 | 1 Path-parse Project | 1 Path-parse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. | |||||
| CVE-2021-23341 | 1 Prismjs | 1 Prism | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. | |||||
| CVE-2021-23331 | 1 Squareup | 1 Connect Java Software Development Kit | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version. | |||||
| CVE-2021-23278 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 5.5 MEDIUM | 8.7 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | |||||
| CVE-2021-23265 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A logged-in and authenticated user with a Reviewer Role may lock a content item. | |||||
| CVE-2021-23246 | 1 Oppo | 2 Ace2, Coloros | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | |||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | |||||
| CVE-2021-23219 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure. | |||||
| CVE-2021-23217 | 3 Linux, Microsoft, Nvidia | 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. | |||||
| CVE-2021-23201 | 3 Linux, Microsoft, Nvidia | 37 Linux Kernel, Windows, Geforce Gtx 950 and 34 more | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
| NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. | |||||
| CVE-2021-23192 | 1 Samba | 1 Samba | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | |||||
| CVE-2021-23186 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 8.7 HIGH |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | |||||
| CVE-2021-23178 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead. | |||||
| CVE-2021-23176 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets. | |||||