Total: 11158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33161 | | | 2024-11-21 | N/A | 7.2 HIGH |
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-33155 | 1 Intel | 32 Ac3168, Ac3168 Firmware, Ac 1550 and 29 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2021-33146 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
CVE-2021-33142 | | | 2024-11-21 | N/A | 6.0 MEDIUM |
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2021-33141 | | | 2024-11-21 | N/A | 8.6 HIGH |
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2021-33115 | 1 Intel | 13 Ac 3165, Ac 3168, Ac 7265 and 10 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2021-33114 | 2 Intel, Microsoft | 17 Ac 1550 Firmware, Ac 3165 Firmware, Ac 3168 Firmware and 14 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2021-33113 | 2 Intel, Microsoft | 17 Ac 1550 Firmware, Ac 3165 Firmware, Ac 3168 Firmware and 14 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||
CVE-2021-33110 | 2 Intel, Microsoft | 17 Ac 1550 Firmware, Ac 3165 Firmware, Ac 3168 Firmware and 14 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2021-33108 | 1 Intel | 1 In-band Manageability | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-33098 | 1 Intel | 4 Ethernet 500 Series Controllers Driver, Ethernet Connection X540, Ethernet Connection X550 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2021-33059 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-33025 | 1 Xarrow | 1 Xarrow | 2024-11-21 | 4.6 MEDIUM | 5.6 MEDIUM |
xArrow SCADA versions 7.2 and prior permit unvalidated registry keys to be run with application-level privileges. | |||||
CVE-2021-33012 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 Firmware | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. | |||||
CVE-2021-32974 | 1 Moxa | 8 Nport Iaw5150a-12i/o, Nport Iaw5150a-12i/o Firmware, Nport Iaw5150a-6i/o and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | |||||
CVE-2021-32970 | 1 Moxa | 8 Nport Iaw5150a-12i/o, Nport Iaw5150a-12i/o Firmware, Nport Iaw5150a-6i/o and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. | |||||
CVE-2021-32795 | 1 Archisteamfarm Project | 1 Archisteamfarm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
ArchiSteamFarm is a C# application whose primary purpose is idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0, a denial-of-service (DoS) vulnerability allows an attacker to remotely crash a running ASF instance by sending a specifically crafted Steam chat message. The user sending the message does not need to be authorized within the bot or ASF process. The attacker needs to know ASF's `CommandPrefix` in advance, but the majority of ASF setups run with an unchanged default value. This attack does not allow the attacker to gain any potentially sensitive information, such as logins or passwords, and does not allow executing arbitrary commands or otherwise exploiting the crash further. The issue is patched in ASF V4.3.1.0. The only workaround which guarantees complete protection is running all bots with `OnlineStatus` of `0` (Offline). In this setup, ASF is able to ignore even the specifically crafted message without attempting to interpret it. | |||||
CVE-2021-32759 | 1 Openmage | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this issue. | |||||
CVE-2021-32707 | 1 Nextcloud | 1 Mail | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist. | |||||
CVE-2021-32697 | 1 Neos | 1 Form | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567 |