Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
| CVE-2021-26337 | 1 Amd | 224 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 221 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
| CVE-2021-26335 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.
| CVE-2021-26332 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
Failure of the SEV-ES FW to verify that the SEV-ES TMR is not in MMIO space could result in a potential loss of integrity or availability.
| CVE-2021-26331 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
| CVE-2021-26324 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.
| CVE-2021-26317 | 1 Amd | 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
| CVE-2021-26310 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
| CVE-2021-26308 | 1 Marc Project | 1 Marc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.
| CVE-2021-26277 | 2 Google, Vivo | 2 Android, Frame Service | 2024-11-21 | N/A | 5.6 MEDIUM |
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
| CVE-2021-26267 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
| CVE-2021-26253 | 1 Splunk | 1 Splunk | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
| CVE-2021-26198 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in the ecma-helpers.c file.
| CVE-2021-26119 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
| CVE-2021-26095 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
| CVE-2021-26081 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
| CVE-2021-26076 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker-in-the-middle attack to learn which mode a user is editing in, because the cookie is not set with a secure attribute if Jira was configured to use https.
| CVE-2021-26075 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
| CVE-2021-26031 | 1 Joomla | 1 Joomla! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
| CVE-2021-25906 | 1 Basic Dsp Matrix Project | 1 Basic Dsp Matrix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
| CVE-2021-25902 | 1 Glsl-layout Project | 1 Glsl-layout | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
| CVE-2021-25901 | 1 Lazy-init Project | 1 Lazy-init | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
| CVE-2021-25857 | 1 Supermicro-cms Project | 1 Supermicro-cms | 2024-11-21 | N/A | 7.2 HIGH |
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.
| CVE-2021-25856 | 1 Supermicro-cms Project | 1 Supermicro-cms | 2024-11-21 | N/A | 4.9 MEDIUM |
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows attackers to delete files via a crafted image file in images.php.
| CVE-2021-25837 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".
| CVE-2021-25836 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is further written to persistent store at the EndBlock stage, which may be utilized to build honeypot contracts.
| CVE-2021-25831 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.
| CVE-2021-25830 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.
| CVE-2021-25829 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.
| CVE-2021-25811 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
| CVE-2021-25775 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.5 MEDIUM | 3.8 LOW |
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
| CVE-2021-25772 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
| CVE-2021-25771 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
| CVE-2021-25769 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
| CVE-2021-25767 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
| CVE-2021-25766 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
| CVE-2021-25764 | 1 Jetbrains | 1 Phpstorm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
| CVE-2021-25760 | 1 Jetbrains | 1 Hub | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
| CVE-2021-25759 | 1 Jetbrains | 1 Hub | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
| CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.