Total
34285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31938 | 1 Microsoft | 1 Kubernetes Tools | 2024-11-21 | 7.3 High |
| Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | ||||
| CVE-2021-31936 | 1 Microsoft | 1 Accessibility Insights For Web | 2024-11-21 | 7.4 High |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | ||||
| CVE-2021-31928 | 1 Annexcloud | 1 Loyalty Experience Platform | 2024-11-21 | 8.8 High |
| Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. | ||||
| CVE-2021-31914 | 2 Jetbrains, Microsoft | 2 Teamcity, Windows | 2024-11-21 | 9.8 Critical |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. | ||||
| CVE-2021-31906 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 2.7 Low |
| In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. | ||||
| CVE-2021-31905 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. | ||||
| CVE-2021-31900 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 5.3 Medium |
| In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. | ||||
| CVE-2021-31899 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 8.8 High |
| In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. | ||||
| CVE-2021-31897 | 1 Jetbrains | 1 Webstorm | 2024-11-21 | 9.8 Critical |
| In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. | ||||
| CVE-2021-31874 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.9 Medium |
| Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | ||||
| CVE-2021-31865 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.3 Medium |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | ||||
| CVE-2021-31864 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.3 Medium |
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. | ||||
| CVE-2021-31857 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 5.9 Medium |
| In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | ||||
| CVE-2021-31839 | 1 Mcafee | 1 Agent | 2024-11-21 | 4.8 Medium |
| Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. | ||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 5.6 Medium |
| Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. | ||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 7.1 High |
| Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. | ||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 7.5 High |
| Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. | ||||
| CVE-2021-31613 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. | ||||
| CVE-2021-31612 | 1 Zh-jieli | 24 Ac6901, Ac6901 Firmware, Ac6902 and 21 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet. | ||||
| CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | ||||