Total
34285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33740 | 1 Microsoft | 6 Windows 10, Windows 10 1507, Windows 10 1809 and 3 more | 2024-11-21 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2021-33699 | 1 Sap | 1 Fiori Client | 2024-11-21 | 6.5 Medium |
| Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information. | ||||
| CVE-2021-33686 | 1 Sap | 1 Business One | 2024-11-21 | 5.3 Medium |
| Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. | ||||
| CVE-2021-33670 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.5 High |
| SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | ||||
| CVE-2021-33667 | 1 Sap | 1 Businessobjects Web Intelligence | 2024-11-21 | 4.3 Medium |
| Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | ||||
| CVE-2021-33663 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.3 Medium |
| SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application. | ||||
| CVE-2021-33662 | 1 Sap | 1 Business One | 2024-11-21 | 4.4 Medium |
| Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | ||||
| CVE-2021-33638 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33637 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33636 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula load command is used to load malicious images, attackers can execute arbitrary code. | ||||
| CVE-2021-33635 | 1 Openeuler | 1 Isula | 2024-11-21 | 9.8 Critical |
| When malicious images are pulled by isula pull, attackers can execute arbitrary code. | ||||
| CVE-2021-33634 | 1 Openeuler | 1 Icr | 2024-11-21 | 6.3 Medium |
| iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. | ||||
| CVE-2021-33617 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | ||||
| CVE-2021-33603 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 5.5 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33602 | 1 F-secure | 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more | 2024-11-21 | 5.5 Medium |
| A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | ||||
| CVE-2021-33601 | 1 F-secure | 1 Internet Gatekeeper | 2024-11-21 | 7.6 High |
| A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server. | ||||
| CVE-2021-33598 | 3 Apple, F-secure, Microsoft | 5 Macos, Atlant, Elements Endpoint Protection and 2 more | 2024-11-21 | 4.6 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33597 | 3 Apple, F-secure, Microsoft | 6 Macos, Business Suite, Client Security and 3 more | 2024-11-21 | 3.5 Low |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33587 | 2 Css-what Project, Netapp | 2 Css-what, E-series Performance Analyzer | 2024-11-21 | 7.5 High |
| The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | ||||
| CVE-2021-33575 | 1 Pixar | 1 Ruby-jss | 2024-11-21 | 9.8 Critical |
| The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. | ||||