Total
15186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20483 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
|
|||||
| CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.
|
|||||
| CVE-2021-20448 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624.
|
|||||
| CVE-2021-20446 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.
|
|||||
| CVE-2021-20445 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.
|
|||||
| CVE-2021-20444 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.
|
|||||
| CVE-2021-20443 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.
|
|||||
| CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.
|
|||||
| CVE-2021-20432 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.
|
|||||
| CVE-2021-20431 | 3 Ibm, Linux, Microsoft | 3 I2 Analysts Notebook, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
|
|||||
| CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.
|
|||||
| CVE-2021-20428 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.
|
|||||
| CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.
|
|||||
| CVE-2021-20426 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313.
|
|||||
| CVE-2021-20421 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2021-20420 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.
|
|||||
| CVE-2021-20419 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.
|
|||||
| CVE-2021-20418 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
|
|||||
| CVE-2021-20412 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.
|
|||||
| CVE-2021-20411 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.
|
|||||
| CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
|
|||||
| CVE-2021-20409 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.
|
|||||
| CVE-2021-20408 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
|
|||||
| CVE-2021-20407 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.
|
|||||
| CVE-2021-20406 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 2.2 LOW |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184.
|
|||||
| CVE-2021-20400 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
|
|||||
| CVE-2021-20399 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.
|
|||||
| CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.
|
|||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
|
|||||
| CVE-2021-20355 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.
|
|||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
|
|||||
| CVE-2021-20337 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.
|
|||||
| CVE-2021-20322 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
|
|||||
| CVE-2021-20321 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
|
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
|
|||||
| CVE-2021-20320 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
|
|||||
| CVE-2021-20317 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.
|
|||||
| CVE-2021-20292 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
|
|||||
| CVE-2021-20268 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
|||||
| CVE-2021-20265 | 2 Linux, Oracle | 2 Linux Kernel, Tekelec Platform Distribution | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2021-20261 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
|
|||||