Total
12868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20252 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.5 Medium |
| A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20247 | 3 Debian, Fedoraproject, Mbsync Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 7.4 High |
| A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20222 | 1 Redhat | 1 Keycloak | 2024-11-21 | 7.5 High |
| A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20206 | 2 Linuxfoundation, Redhat | 3 Container Network Interface, Container Native Virtualization, Openshift | 2024-11-21 | 7.2 High |
| An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-20195 | 1 Redhat | 1 Keycloak | 2024-11-21 | 9.6 Critical |
| A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2024-11-21 | 7.8 High |
| There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | ||||
| CVE-2021-1970 | 1 Qualcomm | 236 Apq8053, Apq8053 Firmware, Aqt1000 and 233 more | 2024-11-21 | 7.5 High |
| Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | ||||
| CVE-2021-1969 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 6.2 Medium |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-1968 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 6.2 Medium |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-1965 | 1 Qualcomm | 252 Aqt1000, Aqt1000 Firmware, Ar9380 and 249 more | 2024-11-21 | 9.8 Critical |
| Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-1960 | 1 Qualcomm | 276 Aqt1000, Aqt1000 Firmware, Ar8031 and 273 more | 2024-11-21 | 6.5 Medium |
| Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-1826 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2021-1825 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-11-21 | 6.1 Medium |
| An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2021-1820 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2021-1817 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1807 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 5.5 Medium |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | ||||
| CVE-2021-1748 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 8.8 High |
| A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | ||||
| CVE-2021-1602 | 1 Cisco | 6 Small Business Rv160, Small Business Rv160w, Small Business Rv260 and 3 more | 2024-11-21 | 8.2 High |
| A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. | ||||
| CVE-2021-1588 | 1 Cisco | 67 Nexus 3000, Nexus 3048, Nexus 31108pc-v and 64 more | 2024-11-21 | 8.6 High |
| A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. | ||||
| CVE-2021-1570 | 1 Cisco | 1 Jabber | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | ||||