Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31232 | 1 Linuxfoundation | 1 Cortex | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
|
|||||
| CVE-2021-31231 | 1 Grafana | 1 Enterprise Metrics | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
|
|||||
| CVE-2021-31225 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
|
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.
|
|||||
| CVE-2021-31224 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 3.5 LOW |
|
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.
|
|||||
| CVE-2021-31223 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
|
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.
|
|||||
| CVE-2021-31222 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
|
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.
|
|||||
| CVE-2021-31221 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
|
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.
|
|||||
| CVE-2021-31220 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 2.3 LOW | 5.2 MEDIUM |
|
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.
|
|||||
| CVE-2021-31215 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
|
|||||
| CVE-2021-31214 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31213 | 1 Microsoft | 1 Remote | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31211 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31208 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Container Manager Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31206 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.9 HIGH | 7.6 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31205 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Windows SMB Client Security Feature Bypass Vulnerability
|
|||||
| CVE-2021-31204 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, .net Core and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
.NET and Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31200 | 1 Microsoft | 1 Neural Network Intelligence | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Common Utilities Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31194 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
OLE Automation Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31193 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows SSDP Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31192 | 1 Microsoft | 1 Windows 10 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Windows Media Foundation Core Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31191 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
|
|||||
| CVE-2021-31190 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31186 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
|
|||||
| CVE-2021-31185 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows Desktop Bridge Denial of Service Vulnerability
|
|||||
| CVE-2021-31184 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
|
|||||
| CVE-2021-31183 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Windows TCP/IP Driver Denial of Service Vulnerability
|
|||||
| CVE-2021-31182 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 4.8 MEDIUM | 7.1 HIGH |
|
Microsoft Bluetooth Driver Spoofing Vulnerability
|
|||||
| CVE-2021-31180 | 1 Microsoft | 3 365 Apps, Office, Word | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31171 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
|
Microsoft SharePoint Information Disclosure Vulnerability
|
|||||
| CVE-2021-31153 | 1 Please Project | 1 Please | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.
|
|||||
| CVE-2021-31009 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5.
|
|||||
| CVE-2021-31005 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types.
|
|||||
| CVE-2021-30998 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address.
|
|||||
| CVE-2021-30994 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.
|
|||||
| CVE-2021-30992 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.
|
|||||
| CVE-2021-30990 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.
|
|||||
| CVE-2021-30986 | 1 Apple | 1 Macos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address.
|
|||||
| CVE-2021-30976 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.
|
|||||
| CVE-2021-30970 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
|
|||||