Total
34251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28100 | 1 Netflix | 1 Priam | 2024-11-21 | 5.5 Medium |
| Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process. | ||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 7.5 High |
| iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2021-28037 | 1 Internment Project | 1 Internment | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. | ||||
| CVE-2021-27983 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | ||||
| CVE-2021-27962 | 1 Grafana | 1 Grafana | 2024-11-21 | 7.1 High |
| Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | ||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 6.8 Medium |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | ||||
| CVE-2021-27932 | 1 Stormshield | 1 Ssl Vpn Client | 2024-11-21 | 7.8 High |
| Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. | ||||
| CVE-2021-27919 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-11-21 | 5.5 Medium |
| archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | ||||
| CVE-2021-27904 | 1 Misp | 1 Misp | 2024-11-21 | 5.5 Medium |
| An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. | ||||
| CVE-2021-27901 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). | ||||
| CVE-2021-27893 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 7.0 High |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. | ||||
| CVE-2021-27892 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 7.8 High |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. | ||||
| CVE-2021-27891 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 8.8 High |
| SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. | ||||
| CVE-2021-27823 | 1 Mediateknet | 1 Netwave System | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system. | ||||
| CVE-2021-27796 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
| A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. | ||||
| CVE-2021-27792 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.8 High |
| The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot. | ||||
| CVE-2021-27780 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2024-11-21 | 5.3 Medium |
| The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | ||||
| CVE-2021-27772 | 1 Hcltech | 1 Sametime | 2024-11-21 | 7.1 High |
| Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge. | ||||
| CVE-2021-27769 | 1 Hcltech | 1 Sametime | 2024-11-21 | 5.3 Medium |
| Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an attack should be limited whenever possible. | ||||
| CVE-2021-27762 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 4.7 Medium |
| Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | ||||