Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28693 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
|
|||||
| CVE-2021-28690 | 1 Xen | 1 Xen | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
|
|||||
| CVE-2021-28680 | 1 Devise Masquerade Project | 1 Devise Masquerade | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from imper ...
|
|||||
| CVE-2021-28677 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
|
|||||
| CVE-2021-28673 | 1 Xerox | 46 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 43 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505 ...
|
|||||
| CVE-2021-28671 | 1 Xerox | 48 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 45 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505 ...
|
|||||
| CVE-2021-28670 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
|
|||||
| CVE-2021-28566 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 3.7 LOW |
|
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
|
|||||
| CVE-2021-28547 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.
|
|||||
| CVE-2021-28507 | 1 Arista | 1 Eos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
|
|||||
| CVE-2021-28501 | 1 Arista | 1 Terminattr | 2024-11-21 | 6.9 MEDIUM | 9.1 CRITICAL |
|
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
|
|||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28482 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28479 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows CSC Service Information Disclosure Vulnerability
|
|||||
| CVE-2021-28477 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28476 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
|
Windows Hyper-V Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28475 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28473 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28472 | 1 Microsoft | 1 Vscode-maven | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28471 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28470 | 1 Microsoft | 1 Visual Studio Code Github Pull Requests And Issues | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28469 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28466 | 1 Microsoft | 1 Raw Image Extension | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Raw Image Extension Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28464 | 1 Microsoft | 1 Vp9 Video Extensions | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
VP9 Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28460 | 1 Microsoft | 1 Azure Sphere | 2024-11-21 | 4.6 MEDIUM | 8.1 HIGH |
|
Azure Sphere Unsigned Code Execution Vulnerability
|
|||||
| CVE-2021-28458 | 1 Microsoft | 1 Ms-rest-nodeauth | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-28457 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28456 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Microsoft Excel Information Disclosure Vulnerability
|
|||||
| CVE-2021-28455 | 1 Microsoft | 10 365 Apps, Office, Windows 10 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28453 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Word Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28451 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28450 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
Microsoft SharePoint Denial of Service Vulnerability
|
|||||
| CVE-2021-28449 | 1 Microsoft | 3 365 Apps, Excel, Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28448 | 1 Microsoft | 1 Visual Studio Code Kubernetes Tools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28447 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
|
|||||
| CVE-2021-28446 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
|
Windows Portmapping Information Disclosure Vulnerability
|
|||||
| CVE-2021-28445 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
|
Windows Network File System Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28444 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
|
Windows Hyper-V Security Feature Bypass Vulnerability
|
|||||