Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30571 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-41013 | 1 Fortinet | 1 Fortiweb | 2021-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs. | |||||
| CVE-2021-22389 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | |||||
| CVE-2021-21186 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. | |||||
| CVE-2021-21182 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-20862 | 1 Elecom | 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more | 2021-12-02 | 3.3 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors. | |||||
| CVE-2021-30538 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30537 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | |||||
| CVE-2021-30539 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | |||||
| CVE-2021-30534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-24757 | 1 Stylishpricelist | 1 Stylish Price List | 2021-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images. | |||||
| CVE-2021-24742 | 1 Radiustheme | 1 Logo Slider And Showcase | 2021-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. | |||||
| CVE-2021-24770 | 1 Stylishpricelist | 1 Stylish Price List | 2021-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images. | |||||
| CVE-2021-24717 | 1 Automatorwp | 1 Automatorwp | 2021-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. | |||||
| CVE-2021-33118 | 1 Intel | 1 Serial Io Driver For Intel Nuc 11 Gen | 2021-11-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2021-11-22 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2021-43553 | 1 Osisoft | 1 Pi Vision | 2021-11-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | |||||
| CVE-2021-39234 | 1 Apache | 1 Ozone | 2021-11-19 | 4.9 MEDIUM | 6.8 MEDIUM |
| In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. | |||||
| CVE-2020-15110 | 1 Jupyterhub | 1 Kubespawner | 2021-11-18 | 5.5 MEDIUM | 8.1 HIGH |
| In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. | |||||