Total: 7414 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38209 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls. | |||||
CVE-2021-38205 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). | |||||
CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | |||||
CVE-2021-37964 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a Wi-Fi impersonation attack via a crafted ONC file. | |||||
CVE-2021-37939 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster. | |||||
CVE-2021-37910 | 1 Asus | 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
ASUS routers' Wi-Fi Protected Access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. | |||||
CVE-2021-37864 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.0 MEDIUM | 2.6 LOW |
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. | |||||
CVE-2021-37863 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | |||||
CVE-2021-37862 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. | |||||
CVE-2021-37860 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 2.6 LOW | 3.7 LOW |
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | |||||
CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-11-21 | 2.1 LOW | 3.3 LOW |
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | |||||
CVE-2021-37176 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) | |||||
CVE-2021-37073 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
There is a race condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result being tampered with. | |||||
CVE-2021-36994 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
There is an issue in which trustlist strings are repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist. | |||||
CVE-2021-36910 | 1 Wp-appbox Project | 1 Wp-appbox | 2024-11-21 | 3.5 LOW | 3.4 LOW |
Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | |||||
CVE-2021-36889 | 1 Tarteaucitron.js - Cookies Legislation & Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation & Gdpr | 2024-11-21 | 3.5 LOW | 3.4 LOW |
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | |||||
CVE-2021-36864 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 3.4 LOW |
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
CVE-2021-36849 | 1 Social Media Share Buttons Project | 1 Social Media Share Buttons | 2024-11-21 | N/A | 3.4 LOW |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 on WordPress. | |||||
CVE-2021-36848 | 1 Sharethis | 1 Social Media Feather | 2024-11-21 | 3.5 LOW | 3.4 LOW |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4. | |||||
CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2024-11-21 | 3.5 LOW | 3.4 LOW |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. |