Total
34289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36923 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.8 High |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | ||||
| CVE-2021-36922 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.8 High |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | ||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2024-11-21 | 6.1 Medium |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | ||||
| CVE-2021-36797 | 1 Victronenergy | 1 Venus Os | 2024-11-21 | 6.8 Medium |
| In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged "security best practices" violation | ||||
| CVE-2021-36794 | 1 Siren | 1 Investigate | 2024-11-21 | 9.8 Critical |
| In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. | ||||
| CVE-2021-36791 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 5.3 Medium |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | ||||
| CVE-2021-36774 | 1 Apache | 1 Kylin | 2024-11-21 | 6.5 Medium |
| Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions. | ||||
| CVE-2021-36769 | 1 Telegram | 2 Telegram, Telegram Desktop | 2024-11-21 | 5.3 Medium |
| A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. | ||||
| CVE-2021-36721 | 1 Sysaid | 1 Application Programming Interface | 2024-11-21 | 4.4 Medium |
| Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. | ||||
| CVE-2021-36701 | 1 Htmly | 1 Htmly | 2024-11-21 | 9.1 Critical |
| In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host. | ||||
| CVE-2021-36366 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | ||||
| CVE-2021-36364 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | ||||
| CVE-2021-36346 | 1 Dell | 2 Integrated Dell Remote Access Controller 8, Integrated Dell Remote Access Controller 8 Firmware | 2024-11-21 | 5.3 Medium |
| Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. | ||||
| CVE-2021-36315 | 1 Dell | 38 Emc Powerscale Nodes A100, Emc Powerscale Nodes A100 Firmware, Emc Powerscale Nodes A200 and 35 more | 2024-11-21 | 6.8 Medium |
| Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. | ||||
| CVE-2021-36314 | 1 Dell | 1 Emc Cloud Link | 2024-11-21 | 7.1 High |
| Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. | ||||
| CVE-2021-36235 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.8 High |
| An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. | ||||
| CVE-2021-36215 | 1 Linecorp | 1 Line | 2024-11-21 | 5.3 Medium |
| LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. | ||||
| CVE-2021-36213 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1. | ||||
| CVE-2021-36199 | 1 Johnsoncontrols | 1 Videoedge | 2024-11-21 | 5.3 Medium |
| Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | ||||
| CVE-2021-36162 | 1 Apache | 1 Dubbo | 2024-11-21 | 8.8 High |
| Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (eg: Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use SnakeYAML library to load the rules which by default will enable calling arbitrary constructors. An attacker with access to the configuration center he will be able to poison the rule so when retrieved by the consumers, it will get RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2 | ||||