Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27792 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The request handling functions in the web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
|
|||||
| CVE-2021-27780 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
|
|||||
| CVE-2021-27772 | 1 Hcltech | 1 Sametime | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
|
Users are able to read group conversations without actively taking part in them. Next to one-to-one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of them. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users' knowledge.
|
|||||
| CVE-2021-27769 | 1 Hcltech | 1 Sametime | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an attack should be limited whenever possible.
|
|||||
| CVE-2021-27762 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 7.5 HIGH | 4.7 MEDIUM |
|
Misconfigured security-related HTTP headers: Several security-related headers were missing or misconfigured on the web responses.
|
|||||
| CVE-2021-27760 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 6.0 MEDIUM | 4.6 MEDIUM |
|
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing JavaScript code.
|
|||||
| CVE-2021-27737 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache Traffic Server 9.0.0 is vulnerable to a remote DoS attack on the experimental Slicer plugin.
|
|||||
| CVE-2021-27653 | 1 Pega | 1 Infinity | 2024-11-21 | 4.0 MEDIUM | 6.6 MEDIUM |
|
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
|
|||||
| CVE-2021-27637 | 1 Sap | 1 Enable Now | 2024-11-21 | 1.9 LOW | 4.6 MEDIUM |
|
Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.
|
|||||
| CVE-2021-27621 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Information Disclosure vulnerability in the UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows attackers to access restricted information by entering a malicious server name.
|
|||||
| CVE-2021-27616 | 1 Sap | 2 Business-one-hana-chef-cookbook, Business One | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.
|
|||||
| CVE-2021-27613 | 1 Sap | 1 Chef Business-one-cookbook | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability.
|
|||||
| CVE-2021-27603 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An RFC-enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows a work process to be kept busy for any length of time. An attacker could call this function module multiple times to block all work processes, thereby causing Denial of Service and affecting the Availability of the SAP system.
|
|||||
| CVE-2021-27599 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
|
|||||
| CVE-2021-27596 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27595 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27594 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27593 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27592 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27591 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27590 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27589 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27588 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27587 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27586 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27585 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27584 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
|
|||||
| CVE-2021-27579 | 1 Snowsoftware | 1 Snow Inventory Agent | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.
|
|||||
| CVE-2021-27576 | 1 Apache | 1 Openmeetings | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
|
|||||
| CVE-2021-27523 | 1 Open-falcon | 1 Dashboard | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in open-falcon dashboard version 0.2.0 that allows remote attackers to gain, modify, and delete sensitive information via a crafted POST request to the register interface.
|
|||||
| CVE-2021-27516 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
|
|||||
| CVE-2021-27515 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
|
|||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Stormshield Network Security | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS when parsing malformed PNG files. This affects Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
|
|||||
| CVE-2021-27501 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
|
Philips Vue PACS versions 12.2.x.x and prior do not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
|
|||||
| CVE-2021-27374 | 1 Vertigis | 1 Weboffice | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "access to contents of the WebOffice application."
|
|||||
| CVE-2021-27363 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actuall ...
|
|||||
| CVE-2021-27358 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
|
|||||
| CVE-2021-27235 | 1 Mutare | 1 Voice | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.
|
|||||
| CVE-2021-27231 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
|
|||||
| CVE-2021-27223 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A denial-of-service issue existed in one of the modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause a Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
|
|||||