Total
2061 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40456 | 1 Microsoft | 3 Windows Server, Windows Server 2019, Windows Server 2022 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Windows AD FS Security Feature Bypass Vulnerability | |||||
| CVE-2021-3956 | 1 Lenovo | 46 Thinkagile Hx1320, Thinkagile Hx1321, Thinkagile Hx1520-r and 43 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected. | |||||
| CVE-2021-3763 | 1 Redhat | 1 Amq Broker | 2024-11-21 | N/A | 4.3 MEDIUM |
| A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity. | |||||
| CVE-2021-3658 | 2 Bluez, Fedoraproject | 2 Bluez, Fedora | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. | |||||
| CVE-2021-3577 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | |||||
| CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2024-11-21 | N/A | 7.4 HIGH |
| A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-3499 | 1 Ovn | 1 Ovn-kubernetes | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service. | |||||
| CVE-2021-3469 | 1 Theforeman | 1 Foreman | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. | |||||
| CVE-2021-3457 | 1 Theforeman | 1 Smart Proxy Shell Hooks | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | |||||
| CVE-2021-3456 | 1 Theforeman | 1 Smart Proxy Salt | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | |||||
| CVE-2021-3337 | 1 Hide Thread Content Project | 1 Hide Thread Content | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit. | |||||
| CVE-2021-39945 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked | |||||
| CVE-2021-39943 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call | |||||
| CVE-2021-39936 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. | |||||
| CVE-2021-39930 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates | |||||
| CVE-2021-39918 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. | |||||
| CVE-2021-39904 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | |||||
| CVE-2021-39902 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. | |||||
| CVE-2021-39876 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | |||||
| CVE-2021-39802 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel | |||||