Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43949 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43938 | 1 Smartptt | 1 Scada Server | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | |||||
| CVE-2021-43937 | 1 Smartptt | 1 Scada Server | 2024-11-21 | 6.8 MEDIUM | 7.6 HIGH |
| Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2021-43823 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors. | |||||
| CVE-2021-43792 | 1 Discourse | 1 Discourse | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible. | |||||
| CVE-2021-43536 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | |||||
| CVE-2021-43205 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. | |||||
| CVE-2021-43067 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. | |||||
| CVE-2021-42886 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | |||||
| CVE-2021-42744 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. | |||||
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 4.0 MEDIUM | 8.0 HIGH |
| The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | |||||
| CVE-2021-42523 | 1 Colord Project | 1 Colord | 2024-11-21 | N/A | 7.5 HIGH |
| There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. | |||||
| CVE-2021-42522 | 1 Gnome | 1 Anjuta | 2024-11-21 | N/A | 7.5 HIGH |
| There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. | |||||
| CVE-2021-42089 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | |||||
| CVE-2021-41850 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. | |||||
| CVE-2021-41849 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | |||||
| CVE-2021-41767 | 1 Apache | 1 Guacamole | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection. | |||||
| CVE-2021-41532 | 1 Apache | 1 Ozone | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. | |||||
| CVE-2021-41301 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | |||||