Total
13113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21449 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-21140 | 2 Google, Microsoft | 2 Chrome, Edge | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | |||||
| CVE-2021-21118 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-20988 | 2 Hilscher, Pepperl-fuchs | 17 Rcx Rtos, Ice1-16di-g60l-v1d, Ice1-16di-g60l-v1d Firmware and 14 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | |||||
| CVE-2021-20589 | 1 Mitsubishi | 12 Gs21, Gs21 Firmware, Gt21 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets. | |||||
| CVE-2021-20325 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd. | |||||
| CVE-2021-20284 | 2 Gnu, Netapp | 3 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20276 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | |||||
| CVE-2021-20275 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. | |||||
| CVE-2021-20239 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-20204 | 3 Debian, Fedoraproject, Getdata Project | 3 Debian Linux, Fedora, Getdata | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. | |||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | |||||
| CVE-2021-1973 | 1 Qualcomm | 394 Apq8009, Apq8009 Firmware, Apq8009w and 391 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1816 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-1770 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. | |||||
| CVE-2021-1713 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-1527 | 1 Cisco | 1 Webex Player | 2024-11-21 | 5.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious WRF file to a user as a link or email attachment and then persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the affected software and view memory state information. | |||||
| CVE-2021-1526 | 1 Cisco | 1 Webex Player | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2021-1521 | 1 Cisco | 16 Video Surveillance 8000p, Video Surveillance 8000p Firmware, Video Surveillance 8020 and 13 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1511 | 1 Cisco | 16 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 13 more | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||