Total: 7414 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34883 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836. | |||||
CVE-2021-34882 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835. | |||||
CVE-2021-34881 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834. | |||||
CVE-2021-34688 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-11-21 | 2.1 LOW | 3.3 LOW |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. | |||||
CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 6.5 MEDIUM | 2.7 LOW |
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | |||||
CVE-2021-34682 | 1 Gov | 1 Imposto De Renda Da Pessoa Fisica 2021 | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | |||||
CVE-2021-34563 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | |||||
CVE-2021-34428 | 4 Debian, Eclipse, Netapp and 1 more | 16 Debian Linux, Jetty, Active Iq Unified Manager and 13 more | 2024-11-21 | 3.6 LOW | 2.9 LOW |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | |||||
CVE-2021-34421 | 1 Keybase | 1 Keybase | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device. | |||||
CVE-2021-34419 | 1 Zoom | 1 Zoom Client For Meetings | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks. | |||||
CVE-2021-34397 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-11-21 | 2.1 LOW | 1.9 LOW |
Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. | |||||
CVE-2021-34396 | 1 Nvidia | 5 Jetson Linux, Jetson Tx2, Jetson Tx2 4gb and 2 more | 2024-11-21 | 2.1 LOW | 3.0 LOW |
Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. | |||||
CVE-2021-34395 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-11-21 | 4.6 MEDIUM | 3.9 LOW |
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifications to data, and limited denial of service. | |||||
CVE-2021-33738 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405) | |||||
CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2024-11-21 | 1.2 LOW | 2.5 LOW |
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
CVE-2021-33597 | 3 Apple, F-secure, Microsoft | 6 Macos, Business Suite, Client Security and 3 more | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | |||||
CVE-2021-33596 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS. | |||||
CVE-2021-33595 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
An address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
CVE-2021-33594 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
CVE-2021-33572 | 1 F-secure | 4 Cloud Protection For Salesforce, Elements For Microsoft 365, Endpoint Protection and 1 more | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |