CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2021-10-20
Medium

CVE-2021-35545

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p…

High

CVE-2021-35543

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily explo…

Medium

CVE-2021-35542

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p…

Medium

CVE-2021-35541

Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft (component: Supplier Portal). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low pr…

Medium

CVE-2021-35540

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr…

Medium

CVE-2021-35539

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker wi…

High

CVE-2021-35538

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr…

Medium

CVE-2021-35537

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged…

High

CVE-2021-35536

Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability all…

High

CVE-2021-2485

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows lo…

High

CVE-2021-2484

Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions that are affected are 12.1.1-12.1.3. Easily exploit…

High

CVE-2021-2483

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerabil…

High

CVE-2021-2482

Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: Invoice Approvals). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows…

Medium

CVE-2021-2481

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privil…

Low

CVE-2021-2480

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows…

Medium

CVE-2021-2479

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged…

Medium

CVE-2021-2478

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged…

Medium

CVE-2021-2477

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily explo…

Medium

CVE-2021-2476

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Authentication). The supported version that is affected is 6.4.3. Easily exploitable vulnerability all…

Medium

CVE-2021-2475

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p…

High

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low pr…

Medium

CVE-2021-2471

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privi…

High

CVE-2021-2461

Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Provision API). The supported version that is affected is 6.4. Easily exploitable…

Medium

CVE-2021-2416

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vu…

Medium

CVE-2021-2414

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vu…

Medium

CVE-2021-2332

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged…

High

CVE-2021-2137

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploi…

High

CVE-2021-1932

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit…

2021-10-19
Medium

CVE-2021-31381

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete…

Medium

CVE-2021-31380

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclo…

Medium

CVE-2021-27001

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily mod…

Medium

CVE-2021-30850

An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of th…

High

CVE-2021-30847

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Proces…

High

CVE-2021-30843

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Proces…

High

CVE-2021-30842

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Proces…

High

CVE-2021-30841

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Proces…

High

CVE-2021-30838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privilege…

High

CVE-2021-30837

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kern…

High

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously c…

High

CVE-2021-30829

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

Medium

CVE-2021-30828

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.

High

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.

High

CVE-2021-30825

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

Critical

CVE-2021-30820

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution.

Low

CVE-2021-30815

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able t…

Medium

CVE-2021-30811

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

2021-10-18
Critical

CVE-2021-42576

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Critical

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

2021-10-15
High

CVE-2021-29745

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID:…

Critical

CVE-2021-40997

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6…

Critical

CVE-2021-40996

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6…

High

CVE-2021-40991

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.…

Medium

CVE-2021-40990

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.…

High

CVE-2021-40989

A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to…

Critical

CVE-2021-37736

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6…

2021-10-14
High

CVE-2021-42341

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-202…

2021-10-13
High

CVE-2021-20127

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete…

High

CVE-2021-39304

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

High

CVE-2021-34814

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

Medium

CVE-2021-20804

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

Medium

CVE-2021-41363

Intune Management Extension Security Feature Bypass Vulnerability

Medium

CVE-2021-41361

Active Directory Federation Server Spoofing Vulnerability

High

CVE-2021-41357

Win32k Elevation of Privilege Vulnerability

Medium

CVE-2021-41355

.NET Core and Visual Studio Information Disclosure Vulnerability

Medium

CVE-2021-41353

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

High

CVE-2021-41352

SCOM Information Disclosure Vulnerability

Medium

CVE-2021-41350

Microsoft Exchange Server Spoofing Vulnerability

Medium

CVE-2021-41346

Console Window Host Security Feature Bypass Vulnerability

High

CVE-2021-41344

Microsoft SharePoint Server Remote Code Execution Vulnerability

Medium

CVE-2021-41343

Windows Fast FAT File System Driver Information Disclosure Vulnerability

Medium

CVE-2021-41342

Windows MSHTML Platform Remote Code Execution Vulnerability

High

CVE-2021-41340

Windows Graphics Component Remote Code Execution Vulnerability

Medium

CVE-2021-41338

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

Medium

CVE-2021-41337

Active Directory Security Feature Bypass Vulnerability

Medium

CVE-2021-41336

Windows Kernel Information Disclosure Vulnerability

Medium

CVE-2021-41332

Windows Print Spooler Information Disclosure Vulnerability

High

CVE-2021-41331

Windows Media Audio Decoder Remote Code Execution Vulnerability

High

CVE-2021-41330

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

High

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

High

CVE-2021-40484

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-40483

Microsoft SharePoint Server Spoofing Vulnerability

Medium

CVE-2021-40482

Microsoft SharePoint Server Information Disclosure Vulnerability

High

CVE-2021-40481

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2021-40480

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2021-40479

Microsoft Excel Remote Code Execution Vulnerability

Medium

CVE-2021-40475

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

High

CVE-2021-40474

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2021-40473

Microsoft Excel Remote Code Execution Vulnerability

Medium

CVE-2021-40472

Microsoft Excel Information Disclosure Vulnerability

High

CVE-2021-40471

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2021-40469

Windows DNS Server Remote Code Execution Vulnerability

Medium

CVE-2021-40468

Windows Bind Filter Driver Information Disclosure Vulnerability

High

CVE-2021-40465

Windows Text Shaping Remote Code Execution Vulnerability

High

CVE-2021-40463

Windows Network Address Translation (NAT) Denial of Service Vulnerability

High

CVE-2021-40462

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

High

CVE-2021-40461

Windows Hyper-V Remote Code Execution Vulnerability

Medium

CVE-2021-40460

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

Medium

CVE-2021-40455

Windows Installer Spoofing Vulnerability

High

CVE-2021-40450

Win32k Elevation of Privilege Vulnerability

High

CVE-2021-38672

Windows Hyper-V Remote Code Execution Vulnerability

Medium

CVE-2021-38663

Windows exFAT File System Information Disclosure Vulnerability

Medium

CVE-2021-38662

Windows Fast FAT File System Driver Information Disclosure Vulnerability

High

CVE-2021-36970

Windows Print Spooler Spoofing Vulnerability

High

CVE-2021-36953

Windows TCP/IP Denial of Service Vulnerability

High

CVE-2021-34453

Microsoft Exchange Server Denial of Service Vulnerability

High

CVE-2021-26442

Windows HTTP.sys Elevation of Privilege Vulnerability

Critical

CVE-2021-26427

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-10-12
Medium

CVE-2021-42326

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

High

CVE-2021-29645

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker…

Critical

CVE-2021-35495

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server…

Medium

CVE-2021-40498

A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, eit…

Medium

CVE-2021-40495

There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the…

High

CVE-2021-38181

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by…

Medium

CVE-2021-38179

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.

High

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP cod…

2021-10-11
High

CVE-2021-42252

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwr…

High

CVE-2021-27002

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.

Critical

CVE-2021-26588

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low c…

Medium

CVE-2021-20121

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary…

High

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (…
