Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-22154 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history. |
| CVE-2021-22112 | 3 Oracle, Pivotal Software, Vmware | 8 Communications Element Manager, Communications Interactive Session Recorder, Communications Unified Inventory Management and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the a ... |
| CVE-2021-22060 | 2 Oracle, Vmware | 3 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Spring Framework | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. |
| CVE-2021-22057 | 2 Linux, Vmware | 2 Linux Kernel, Workspace One Access | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. |
| CVE-2021-22041 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. |
| CVE-2021-22020 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. |
| CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The vCenter Server contains a denial-of-service vulnerability in the VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial-of-service condition. |
| CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files. |
| CVE-2021-22014 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. |
| CVE-2021-22011 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | vCenter Server contains an unauthenticated API endpoint vulnerability in the vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. |
| CVE-2021-22008 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The vCenter Server contains an information disclosure vulnerability in the VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. |
| CVE-2021-22007 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. |
| CVE-2021-22006 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. |
| CVE-2021-22001 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In UAA versions prior to 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type “oauth 1.0” was sent to the UAA server. |
| CVE-2021-21997 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM | VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. |
| CVE-2021-21996 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.1 HIGH | 7.5 HIGH | An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source and source_hash URLs can gain full file system access as root on a salt minion. |
| CVE-2021-21992 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. |
| CVE-2021-21991 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on the vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). |
| CVE-2021-21983 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM | An arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system. |
| CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
| CVE-2021-21751 | 1 Zte | 1 Zxin10 Cms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front-end and back-end verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause a service exception. |
| CVE-2021-21744 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. |
| CVE-2021-21727 | 1 Zte | 2 Zxhn F623, Zxhn F623 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects ZXHN F623, all versions up to V6.0.0P3T33. |
| CVE-2021-21682 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. |
| CVE-2021-21596 | 1 Dell | 2 Openmanage Enterprise, Openmanage Enterprise-modular | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00 contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability, leading to information disclosure and a possible elevation of privileges. |
| CVE-2021-21522 | 1 Dell | 56 Latitude 5285 2-in-1, Latitude 5285 2-in-1 Firmware, Latitude 5289 2-in-1 and 53 more | 2024-11-21 | 2.1 LOW | 8.2 HIGH | Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on NVMe storage by resetting the BIOS password on the system via the Manageability Interface. |
| CVE-2021-21493 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW | When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until the application is restarted. |
| CVE-2021-21485 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. |
| CVE-2021-21483 | 1 Sap | 1 Solution Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | Under certain conditions SAP Solution Manager, version 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component, thereby affecting the confidentiality of the application. |
| CVE-2021-21482 | 1 Sap | 1 Netweaver Master Data Management | 2024-11-21 | 4.8 MEDIUM | 8.3 HIGH | SAP NetWeaver Master Data Management, versions 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges, leading to an information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative acc ... |
| CVE-2021-21448 | 1 Sap | 1 Graphical User Interface | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM | SAP GUI for Windows, version 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via the network, and the attacker needs at least the user authorization of the Operating System user of the victim. |
| CVE-2021-21446 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service; this has a high impact on the availability of the service. |
| CVE-2021-21443 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | Agents are able to list customer user emails without the required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. |
| CVE-2021-21440 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 5.2 MEDIUM | Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. |
| CVE-2021-21420 | 1 Stripe | 1 Stripe | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH | vscode-stripe is an extension for Visual Studio Code. A vulnerability in the Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings. |
| CVE-2021-21212 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. |
| CVE-2021-21205 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-21187 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2021-21185 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. |