Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28329 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Remote Procedure Call Runtime Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28328 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Windows DNS Information Disclosure Vulnerability
|
|||||
| CVE-2021-28327 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Remote Procedure Call Runtime Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28326 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Windows AppX Deployment Server Denial of Service Vulnerability
|
|||||
| CVE-2021-28325 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Windows SMB Information Disclosure Vulnerability
|
|||||
| CVE-2021-28324 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Windows SMB Information Disclosure Vulnerability
|
|||||
| CVE-2021-28320 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-28319 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Windows TCP/IP Driver Denial of Service Vulnerability
|
|||||
| CVE-2021-28318 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows GDI+ Information Disclosure Vulnerability
|
|||||
| CVE-2021-28317 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Microsoft Windows Codecs Library Information Disclosure Vulnerability
|
|||||
| CVE-2021-28316 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
|
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
|
|||||
| CVE-2021-28315 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Media Video Decoder Remote Code Execution Vulnerability
|
|||||
| CVE-2021-28314 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Hyper-V Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-28312 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Windows NTFS Denial of Service Vulnerability
|
|||||
| CVE-2021-28311 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Windows Application Compatibility Cache Denial of Service Vulnerability
|
|||||
| CVE-2021-28309 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows Kernel Information Disclosure Vulnerability
|
|||||
| CVE-2021-28276 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
|
|||||
| CVE-2021-28213 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
|
|||||
| CVE-2021-28156 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
|
|||||
| CVE-2021-28155 | 1 Jbl | 2 Tune500bt, Tune500bt Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data.
|
|||||
| CVE-2021-28139 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
|
|||||
| CVE-2021-28134 | 1 Clipper Project | 1 Clipper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
|
|||||
| CVE-2021-28121 | 1 Virtual Robots.txt Project | 1 Virtual Robots.txt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.
|
|||||
| CVE-2021-28119 | 1 Twinkletray | 1 Twinkle Tray | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
|
|||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
|
|||||
| CVE-2021-28100 | 1 Netflix | 1 Priam | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
|
|||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.
|
|||||
| CVE-2021-28037 | 1 Internment Project | 1 Internment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.
|
|||||
| CVE-2021-27983 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.
|
|||||
| CVE-2021-27962 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
|
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
|
|||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed.
|
|||||
| CVE-2021-27932 | 1 Stormshield | 1 Ssl Vpn Client | 2024-11-21 | N/A | 7.8 HIGH |
|
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
|
|||||
| CVE-2021-27919 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
|
|||||
| CVE-2021-27904 | 1 Misp | 1 Misp | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
|
|||||
| CVE-2021-27901 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
|
|||||
| CVE-2021-27893 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.
|
|||||
| CVE-2021-27892 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.
|
|||||
| CVE-2021-27891 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.
|
|||||
| CVE-2021-27823 | 1 Mediateknet | 1 Netwave System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system.
|
|||||
| CVE-2021-27796 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
|
|||||