Total
654 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
| CVE-2021-32788 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic. | |||||
| CVE-2021-32760 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Containerd | 2024-11-21 | 6.8 MEDIUM | 5.0 MEDIUM |
| containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. | |||||
| CVE-2021-31410 | 1 Vaadin | 1 Designer | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | |||||
| CVE-2021-31407 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | |||||
| CVE-2021-31154 | 1 Pleaseedit Project | 1 Pleaseedit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack. | |||||
| CVE-2021-30921 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. | |||||
| CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
| In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | |||||
| CVE-2021-29115 | 1 Esri | 1 Arcgis Enterprise | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. | |||||
| CVE-2021-28633 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | |||||
| CVE-2021-28623 | 2 Adobe, Microsoft | 2 Premiere Elements, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-28568 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.9 MEDIUM | 5.8 MEDIUM |
| Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
| CVE-2021-28168 | 2 Eclipse, Oracle | 3 Jersey, Communications Cloud Native Core Policy, Communications Cloud Native Core Unified Data Repository | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. | |||||
| CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | |||||
| CVE-2021-27236 | 1 Mutare | 1 Voice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. | |||||
| CVE-2021-26327 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | |||||
| CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2021-26309 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. | |||||