Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34705 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers. | |||||
| CVE-2021-34702 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2021-34696 | 1 Cisco | 23 Asr 902, Asr 903, Asr 907 and 20 more | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. | |||||
| CVE-2021-34627 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior. | |||||
| CVE-2021-34626 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior. | |||||
| CVE-2021-34622 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34429 | 3 Eclipse, Netapp, Oracle | 18 Jetty, E-series Santricity Os Controller, E-series Santricity Web Services and 15 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. | |||||
| CVE-2021-34401 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service. | |||||
| CVE-2021-34273 | 1 B2x Project | 1 B2x | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-34272 | 1 Robotbtc Project | 1 Robotbtc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | |||||
| CVE-2021-34170 | 1 Fromsoftware | 1 Dark Souls Iii | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | |||||
| CVE-2021-33723 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. | |||||
| CVE-2021-33713 | 1 Siemens | 1 Jt Utilities | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2021-33689 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. | |||||
| CVE-2021-33677 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | |||||
| CVE-2021-33629 | 1 Openeuler | 1 Isula-build | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. | |||||
| CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2024-11-21 | 1.2 LOW | 2.5 LOW |
| URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||