Total
34322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3384 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.3 Medium |
| A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | ||||
| CVE-2021-3346 | 1 Nic | 1 Foris | 2024-11-21 | 9.8 Critical |
| Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | ||||
| CVE-2021-3308 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. | ||||
| CVE-2021-3293 | 1 Emlog | 1 Emlog | 2024-11-21 | 5.3 Medium |
| emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. | ||||
| CVE-2021-3283 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. | ||||
| CVE-2021-3254 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2024-11-21 | 7.5 High |
| Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. | ||||
| CVE-2021-3229 | 1 Asus | 2 Rt-ax3000, Rt-ax3000 Firmware | 2024-11-21 | 7.5 High |
| Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. | ||||
| CVE-2021-3193 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | ||||
| CVE-2021-3191 | 1 Hpe | 2 Nonstop, Web Viewpoint | 2024-11-21 | 8.8 High |
| Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H). | ||||
| CVE-2021-3134 | 1 Mubu | 1 Mubu | 2024-11-21 | 7.8 High |
| Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878. | ||||
| CVE-2021-3038 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 5.5 Medium |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4. | ||||
| CVE-2021-3024 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
| HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | ||||
| CVE-2021-3022 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021). | ||||
| CVE-2021-3017 | 1 Intelbras | 4 Win 300, Win 300 Firmware, Wrn 342 and 1 more | 2024-11-21 | 7.5 High |
| The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. | ||||
| CVE-2021-3013 | 2 Microsoft, Ripgrep Project | 2 Windows, Ripgrep | 2024-11-21 | 9.8 Critical |
| ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | ||||
| CVE-2021-3005 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 4.3 Medium |
| MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. | ||||
| CVE-2021-39998 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | ||||
| CVE-2021-39994 | 1 Huawei | 1 Emui | 2024-11-21 | 9.8 Critical |
| There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-39991 | 1 Huawei | 1 Emui | 2024-11-21 | 5.5 Medium |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-39986 | 1 Huawei | 1 Emui | 2024-11-21 | 5.5 Medium |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | ||||