Total
688 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35215 | 1 Atomix | 1 Atomix | 2021-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | |||||
| CVE-2021-45097 | 1 Knime | 1 Knime Server | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | |||||
| CVE-2021-1045 | 1 Google | 1 Android | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A | |||||
| CVE-2021-41065 | 1 Bopsoft | 1 Listary | 2021-12-20 | 4.4 MEDIUM | 7.3 HIGH |
| An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | |||||
| CVE-2021-39646 | 1 Google | 1 Android | 2021-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A | |||||
| CVE-2021-0986 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 5.5 MEDIUM |
| In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339 | |||||
| CVE-2021-0978 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 3.3 LOW |
| In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 | |||||
| CVE-2021-44523 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | |||||
| CVE-2021-44522 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | |||||
| CVE-2021-39915 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | |||||
| CVE-2021-22568 | 1 Dart | 1 Dart Software Development Kit | 2021-12-14 | 6.0 MEDIUM | 8.8 HIGH |
| When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0 | |||||
| CVE-2021-38505 | 2 Microsoft, Mozilla | 4 Windows 10, Firefox, Firefox Esr and 1 more | 2021-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2021-12-10 | 7.8 HIGH | 7.5 HIGH |
| A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames | |||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2021-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | |||||
| CVE-2021-23264 | 1 Craftercms | 1 Crafter Cms | 2021-12-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. | |||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2021-11-24 | 7.2 HIGH | 7.8 HIGH |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-36319 | 1 Dell | 1 Networking Os10 | 2021-11-23 | 2.1 LOW | 3.3 LOW |
| Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. | |||||
| CVE-2021-26327 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2021-11-19 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | |||||
| CVE-2020-12488 | 1 Vivo | 1 Jovi Smart Scene | 2021-11-15 | 2.1 LOW | 5.5 MEDIUM |
| The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | |||||
| CVE-2019-14905 | 3 Fedoraproject, Opensuse, Redhat | 8 Fedora, Backports Sle, Leap and 5 more | 2021-11-02 | 4.6 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. | |||||