Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31947 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31946 | 1 Microsoft | 1 Paint 3d | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Paint 3D Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31945 | 1 Microsoft | 1 Paint 3d | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Paint 3D Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31944 | 1 Microsoft | 1 3d Viewer | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
3D Viewer Information Disclosure Vulnerability
|
|||||
| CVE-2021-31943 | 1 Microsoft | 1 3d Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
3D Viewer Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31942 | 1 Microsoft | 1 3d Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
3D Viewer Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31941 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31940 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31939 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31938 | 1 Microsoft | 1 Kubernetes Tools | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
|
Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31936 | 1 Microsoft | 1 Accessibility Insights For Web | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Microsoft Accessibility Insights for Web Information Disclosure Vulnerability
|
|||||
| CVE-2021-31928 | 1 Annexcloud | 1 Loyalty Experience Platform | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.
|
|||||
| CVE-2021-31914 | 2 Jetbrains, Microsoft | 2 Teamcity, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
|
|||||
| CVE-2021-31906 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
|
|||||
| CVE-2021-31905 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
|
|||||
| CVE-2021-31900 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host.
|
|||||
| CVE-2021-31899 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode.
|
|||||
| CVE-2021-31897 | 1 Jetbrains | 1 Webstorm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
|
|||||
| CVE-2021-31874 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
|
|||||
| CVE-2021-31865 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
|
|||||
| CVE-2021-31864 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
|
|||||
| CVE-2021-31857 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
|
|||||
| CVE-2021-31839 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
|
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.
|
|||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 3.6 LOW | 5.6 MEDIUM |
|
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
|
|||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.
|
|||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
|
|||||
| CVE-2021-31613 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.
|
|||||
| CVE-2021-31612 | 1 Zh-jieli | 24 Ac6901, Ac6901 Firmware, Ac6902 and 21 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.
|
|||||
| CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
|
|||||
| CVE-2021-31609 | 1 Silabs | 2 Iwrap, Wt32i-a | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.
|
|||||
| CVE-2021-31585 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.
|
|||||
| CVE-2021-31559 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
|
|||||
| CVE-2021-31518 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517.
|
|||||
| CVE-2021-31517 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518.
|
|||||
| CVE-2021-31414 | 1 Rpm Spec Project | 1 Rpm Spec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
|
|||||
| CVE-2021-31381 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.
|
|||||
| CVE-2021-31380 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.
|
|||||
| CVE-2021-31374 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to ...
Show More |
|||||
| CVE-2021-31371 | 1 Juniper | 6 Junos, Qfx5100, Qfx5110 and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versio ...
Show More |
|||||
| CVE-2021-31349 | 1 Juniper | 2 128 Technology Session Smart Router, 128 Technology Session Smart Router Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.
|
|||||