CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2021-12-02
Critical

CVE-2020-29177

Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.

Medium

CVE-2021-43327

An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.

2021-12-01
Medium

CVE-2021-29779

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in t…

High

CVE-2021-20864

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware…

Medium

CVE-2021-20862

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware…

High

CVE-2021-20861

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmw…

2021-11-30
Medium

CVE-2021-38958

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042

Critical

CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

High

CVE-2021-43771

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead…

2021-11-29
Critical

CVE-2021-43693

vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.

2021-11-26
Medium

CVE-2021-44225

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in…

2021-11-25
High

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that…

2021-11-24
Critical

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database.

High

CVE-2021-22957

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with ma…

High

CVE-2021-21980

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain acce…

Medium

CVE-2021-20841

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vect…

High

CVE-2021-28708

PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte…

High

CVE-2021-28707

PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte…

High

CVE-2021-28704

PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte…

2021-11-23
Medium

CVE-2021-38875

IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.

High

CVE-2021-36314

Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution…

High

CVE-2021-37035

There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

High

CVE-2021-37034

There is an Unstandardized field names vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Medium

CVE-2021-37032

There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work.

High

CVE-2021-37031

There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

Medium

CVE-2021-37029

There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.

High

CVE-2021-37018

There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.

High

CVE-2021-37012

There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.

High

CVE-2021-37009

There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will affect the confidentiality of users.

High

CVE-2021-39976

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit t…

2021-11-22
Medium

CVE-2021-38378

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name.

2021-11-20
Medium

CVE-2021-34400

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may l…

Medium

CVE-2021-34399

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which ma…

Medium

CVE-2021-23219

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and…

High

CVE-2021-23217

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time…

High

CVE-2021-23201

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loadi…

Medium

CVE-2021-1125

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

Medium

CVE-2021-1105

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to infor…

Medium

CVE-2021-1088

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, whi…

2021-11-18
Medium

CVE-2021-27025

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

High

CVE-2021-27024

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in C…

Critical

CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

2021-11-17
High

CVE-2021-43997

FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a thi…

Critical

CVE-2021-43996

The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.

High

CVE-2021-33118

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalati…

High

CVE-2021-33058

Improper access control in the installer Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows before version 1.4.0.21 may allow an unauthenticated user to potentially enable escalatio…

Medium

CVE-2021-0198

Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.

Medium

CVE-2021-0197

Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access.

Medium

CVE-2021-0157

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

High

CVE-2021-0151

Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of…

Medium

CVE-2021-0146

Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Medium

CVE-2021-0110

Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access.

High

CVE-2021-33089

Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentia…

High

CVE-2021-0121

Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable es…

Medium

CVE-2021-43976

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_pan…

Critical

CVE-2021-32234

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.

Medium

CVE-2021-29861

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.

Medium

CVE-2021-29860

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.

Medium

CVE-2021-43337

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users…

2021-11-16
Medium

CVE-2021-26337

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.

High

CVE-2021-26335

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resultin…

High

CVE-2020-21627

Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified ve…

High

CVE-2021-43046

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access…

High

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

Medium

CVE-2021-38882

IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.

2021-11-15
High

CVE-2020-12962

Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.

Medium

CVE-2021-38975

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.

Medium

CVE-2021-38974

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.

Medium

CVE-2020-12920

A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.

High

CVE-2020-12902

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

High

CVE-2020-12900

An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.

High

CVE-2020-12899

Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.

Medium

CVE-2020-12897

Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.

High

CVE-2020-12964

A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows B…

High

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may retur…

2021-11-12
Medium

CVE-2021-36315

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a…

High

CVE-2021-43578

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control…

Critical

CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download fe…

High

CVE-2021-42773

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a…

2021-11-11
Critical

CVE-2021-42847

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.

Critical

CVE-2021-42002

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.

2021-11-10
Medium

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS…

High

CVE-2021-32023

An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context…

Medium

CVE-2021-32022

A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of…

High

CVE-2021-32021

A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a…

High

CVE-2021-22048

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter S…

High

CVE-2021-43564

An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unau…

High

CVE-2021-43563

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated att…

Critical

CVE-2021-40521

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.

Medium

CVE-2021-38887

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. I…

High

CVE-2021-43209

3D Viewer Remote Code Execution Vulnerability

Low

CVE-2021-42323

Azure RTOS Information Disclosure Vulnerability

High

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability

High

CVE-2021-42316

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Medium

CVE-2021-42305

Microsoft Exchange Server Spoofing Vulnerability

Low

CVE-2021-42301

Azure RTOS Information Disclosure Vulnerability

Medium

CVE-2021-42300

Azure Sphere Tampering Vulnerability

High

CVE-2021-42292

Microsoft Excel Security Feature Bypass Vulnerability

Medium

CVE-2021-42288

Windows Hello Security Feature Bypass Vulnerability

High

CVE-2021-42287

Active Directory Domain Services Elevation of Privilege Vulnerability

Medium

CVE-2021-42284

Windows Hyper-V Denial of Service Vulnerability

High

CVE-2021-42278

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2021-42276

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

High

CVE-2021-42275

Microsoft COM for Windows Remote Code Execution Vulnerability

Medium

CVE-2021-42274

Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability

High

CVE-2021-41378

Windows NTFS Remote Code Execution Vulnerability

Low

CVE-2021-41376

Azure Sphere Information Disclosure Vulnerability

Medium

CVE-2021-41375

Azure Sphere Information Disclosure Vulnerability

Medium

CVE-2021-41374

Azure Sphere Information Disclosure Vulnerability

Medium

CVE-2021-41373

FSLogix Information Disclosure Vulnerability

Medium

CVE-2021-41371

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Medium

CVE-2021-41368

Microsoft Access Remote Code Execution Vulnerability

High

CVE-2021-41356

Windows Denial of Service Vulnerability

Medium

CVE-2021-41351

Microsoft Edge (Chrome based) Spoofing on IE Mode

Medium

CVE-2021-41349

Microsoft Exchange Server Spoofing Vulnerability

High

CVE-2021-40442

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2021-38666

Remote Desktop Client Remote Code Execution Vulnerability

High

CVE-2021-38665

Remote Desktop Protocol Client Information Disclosure Vulnerability

Medium

CVE-2021-38631

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Low

CVE-2021-26444

Azure RTOS Information Disclosure Vulnerability
