Critical
CVE-2021-26443
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Read moreUncategorized 2021
Page 4/26.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2021-11-10
2021-11-09
High
CVE-2020-28419
During installation with certain driver software or application packages an arbitrary code execution could occur.
Read moreHigh
CVE-2021-43182
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
Read moreHigh
CVE-2021-43180
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
Read moreMedium
CVE-2021-43201
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
Read moreCritical
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
Read moreHigh
CVE-2021-43196
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
Read moreMedium
CVE-2021-43195
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
Read moreMedium
CVE-2021-43194
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
Read moreCritical
CVE-2021-43193
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
Read moreMedium
CVE-2021-43192
In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.
Read moreMedium
CVE-2021-43191
JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.
Read moreMedium
CVE-2021-43190
In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.
Read moreHigh
CVE-2021-43189
In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.
Read moreHigh
CVE-2021-43188
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.
Read moreMedium
CVE-2021-43187
In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.
Read moreCritical
CVE-2021-43183
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
Read moreHigh
CVE-2019-18912
A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potentia…
Read moreHigh
CVE-2021-43114
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effective…
Read more2021-11-08
Medium
CVE-2021-29843
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
Read moreMedium
CVE-2020-4160
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could e…
Read moreMedium
CVE-2021-37850
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the…
Read moreMedium
CVE-2021-32483
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
Read moreCritical
CVE-2021-30132
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
Read moreHigh
CVE-2021-31601
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting…
Read more2021-11-07
High
CVE-2021-43413
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially…
Read moreHigh
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the devi…
Read more2021-11-05
High
CVE-2021-43405
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
Read moreHigh
CVE-2021-43404
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
Read moreCritical
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Read moreHigh
CVE-2020-23565
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_…
Read moreLow
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 expo…
Read moreMedium
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
Read moreLow
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Read moreMedium
CVE-2021-39895
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active…
Read more2021-11-04
Medium
CVE-2021-39903
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance admi…
Read moreHigh
CVE-2021-43396
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter…
Read moreCritical
CVE-2021-21697
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Read moreCritical
CVE-2021-21696
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control o…
Read moreCritical
CVE-2021-21689
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Read more2021-11-03
High
CVE-2021-35053
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the syst…
Read moreHigh
CVE-2020-6931
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
Read moreHigh
CVE-2020-28416
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentiall…
Read moreHigh
CVE-2021-26786
An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.
Read moreCritical
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
Read moreHigh
CVE-2020-23680
An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts.
Read moreMedium
CVE-2021-39237
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.
Read moreMedium
CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth…
Read moreHigh
CVE-2021-38501
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…
Read moreHigh
CVE-2021-38500
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…
Read moreMedium
CVE-2021-38492
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *T…
Read moreMedium
CVE-2021-38491
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
Read moreHigh
CVE-2021-29993
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are u…
Read moreCritical
CVE-2020-5955
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
Read moreMedium
CVE-2021-20135
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus A…
Read more2021-11-02
Medium
CVE-2018-6125
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
Read moreMedium
CVE-2021-37995
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted…
Read moreMedium
CVE-2021-37994
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Read moreMedium
CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
Read moreMedium
CVE-2021-37989
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
Read moreHigh
CVE-2021-37980
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
Read moreHigh
CVE-2021-36183
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTE…
Read moreMedium
CVE-2021-26107
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other…
Read moreCritical
CVE-2020-18439
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.
Read moreHigh
CVE-2021-29875
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.
Read moreCritical
CVE-2021-36794
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.
Read moreMedium
CVE-2021-42568
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
Read moreHigh
CVE-2021-36925
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leadin…
Read moreHigh
CVE-2021-36923
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions…
Read moreHigh
CVE-2021-36922
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial…
Read more2021-11-01
Critical
CVE-2021-3705
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.
Read moreHigh
CVE-2021-3704
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.
Read moreHigh
CVE-2021-3440
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
Read moreMedium
CVE-2021-29213
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs p…
Read moreHigh
CVE-2021-27005
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
Read moreMedium
CVE-2021-27004
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
Read moreHigh
CVE-2021-42557
In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.
Read moreHigh
CVE-2021-27644
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Read more2021-10-29
High
CVE-2021-41874
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. The…
Read more2021-10-28
High
CVE-2020-23549
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting…
Read moreHigh
CVE-2020-23546
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in…
Read moreHigh
CVE-2021-30840
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.
Read moreHigh
CVE-2021-30834
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a…
Read moreMedium
CVE-2021-30833
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
Read moreMedium
CVE-2021-30823
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network posi…
Read moreHigh
CVE-2021-30821
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application m…
Read moreMedium
CVE-2021-30817
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family S…
Read moreLow
CVE-2021-30816
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.
Read moreMedium
CVE-2021-30813
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked i…
Read moreMedium
CVE-2021-30808
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.
Read moreMedium
CVE-2021-1821
A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.
Read moreHigh
CVE-2021-37254
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
Read moreHigh
CVE-2021-37001
There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified.
Read moreMedium
CVE-2021-36998
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
Read moreMedium
CVE-2021-36997
There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
Read moreMedium
CVE-2021-36996
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of certain virtual information.
Read moreHigh
CVE-2021-36995
There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
Read moreHigh
CVE-2021-36992
There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-36991
There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unaut…
Read moreHigh
CVE-2021-36988
There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity.
Read moreCritical
CVE-2021-36986
There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.
Read moreHigh
CVE-2021-22486
There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-22485
There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-22483
There is a issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS.
Read moreHigh
CVE-2021-22481
There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-22472
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-22470
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.
Read moreMedium
CVE-2021-22456
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
Read moreCritical
CVE-2021-22436
There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability.
Read moreMedium
CVE-2021-22407
There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
Read moreHigh
CVE-2021-22405
There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
Read moreCritical
CVE-2021-22403
There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to…
Read moreHigh
CVE-2021-22402
There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks.
Read moreHigh
CVE-2021-22401
There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity.
Read moreHigh
CVE-2021-37915
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a re…
Read moreMedium
CVE-2021-43056
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmh…
Read more2021-10-27
Medium
CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BI…
Read moreHigh
CVE-2021-29774
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
Read moreMedium
CVE-2021-41590
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators…
Read moreHigh
CVE-2021-41872
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
Read more