Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2011 | 4 Fedoraproject, Mariadb, Netapp and 1 more | 6 Fedora, Mariadb, Active Iq Unified Manager and 3 more | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
|
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). C ...
Show More |
|||||
| CVE-2021-2010 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
|
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial den ...
Show More |
|||||
| CVE-2021-2009 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS V ...
Show More |
|||||
| CVE-2021-2008 | 1 Oracle | 1 Enterprise Manager | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware a ...
Show More |
|||||
| CVE-2021-2007 | 4 Fedoraproject, Mariadb, Netapp and 1 more | 6 Fedora, Mariadb, Active Iq Unified Manager and 3 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vecto ...
Show More |
|||||
| CVE-2021-2006 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more | 2024-11-21 | 6.3 MEDIUM | 5.3 MEDIUM |
|
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/ ...
Show More |
|||||
| CVE-2021-2005 | 1 Oracle | 1 Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business In ...
Show More |
|||||
| CVE-2021-2004 | 1 Oracle | 1 Server Bizlogic Script | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server BizLogic Script. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server BizLogic Script accessible data. CVSS 3.1 Base Score 4.3 ...
Show More |
|||||
| CVE-2021-2003 | 1 Oracle | 1 Business Intelligence | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Busine ...
Show More |
|||||
| CVE-2021-2002 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vecto ...
Show More |
|||||
| CVE-2021-2001 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4 ...
Show More |
|||||
| CVE-2021-2000 | 1 Oracle | 1 Database Server | 2024-11-21 | 3.5 LOW | 2.4 LOW |
|
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of U ...
Show More |
|||||
| CVE-2021-29993 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.
|
|||||
| CVE-2021-29983 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91.
|
|||||
| CVE-2021-29981 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.
|
|||||
| CVE-2021-29978 | 1 Mozilla | 1 Mozilla Vpn | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.
|
|||||
| CVE-2021-29974 | 1 Mozilla | 1 Firefox | 2024-11-21 | 2.6 LOW | 4.3 MEDIUM |
|
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.
|
|||||
| CVE-2021-29923 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
|
|||||
| CVE-2021-29922 | 1 Rust-lang | 1 Rust | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
|
|||||
| CVE-2021-29908 | 1 Ibm | 2 Ts7700, Ts7700 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.
|
|||||
| CVE-2021-29906 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
|
|||||
| CVE-2021-29899 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
|
|||||
| CVE-2021-29880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979.
|
|||||
| CVE-2021-29875 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.
|
|||||
| CVE-2021-29873 | 1 Ibm | 12 Flashsystem 9000, Flashsystem 9000 Firmware, Flashsystem 9100 and 9 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
|
|||||
| CVE-2021-29867 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
|
|||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.
|
|||||
| CVE-2021-29861 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
|
|||||
| CVE-2021-29860 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
|
|||||
| CVE-2021-29859 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.
|
|||||
| CVE-2021-29856 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.
|
|||||
| CVE-2021-29851 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.
|
|||||
| CVE-2021-29847 | 1 Ibm | 10 Power Hardware Management Console \(7063-cr1\), Power Hardware Management Console \(7063-cr1\) Firmware, Power System Cs821lc \(8005-12n\) and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267.
|
|||||
| CVE-2021-29843 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
|
|||||
| CVE-2021-29825 | 5 Ibm, Linux, Microsoft and 2 more | 6 Aix, Db2, Linux Kernel and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
|
|||||
| CVE-2021-29824 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
|
|||||
| CVE-2021-29801 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.
|
|||||
| CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169.
|
|||||
| CVE-2021-29776 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
|
|||||
| CVE-2021-29774 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
|
|||||