Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26892 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-23 | 2.1 LOW | 5.5 MEDIUM |
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2021-27075 | 1 Microsoft | 5 Azure Container Instances, Azure Container Registry, Azure Kubernetes Service and 2 more | 2021-03-23 | 2.7 LOW | 6.8 MEDIUM |
| Azure Virtual Machine Information Disclosure Vulnerability | |||||
| CVE-2020-10013 | 1 Apple | 4 iPadOS, iPhone OS, Mac OS X and 1 more | 2021-03-22 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-27576 | 1 Apache | 1 OpenMeetings | 2021-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0. | |||||
| CVE-2020-11974 | 1 Apache | 1 DolphinScheduler | 2021-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| In DolphinScheduler 1.2.0 and 1.2.1, with MySQL Connector/J, a remote code execution vulnerability exists when choosing MySQL as the database. | |||||
| CVE-2017-15041 | 3 Debian, Golang, Red Hat | 7 Debian Linux, Go, Developer Tools and 4 more | 2021-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." | |||||
| CVE-2021-21493 | 1 SAP | 1 3D Visual Enterprise Viewer | 2021-03-19 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27085 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2021-03-19 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2021-23353 | 1 Parall | 1 jsPDF | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. | |||||
| CVE-2021-2047 | 1 Oracle | 1 WebLogic Server | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-28119 | 1 Twinkletray | 1 Twinkle Tray | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | |||||
| CVE-2021-26895 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2021-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26897. | |||||
| CVE-2021-26896 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-27063. | |||||
| CVE-2021-27052 | 1 Microsoft | 2 SharePoint Enterprise Server, SharePoint Server | 2021-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-24108 | 1 Microsoft | 2 365 Apps, Office | 2021-03-17 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27057, CVE-2021-27059. | |||||
| CVE-2021-24107 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-03-17 | 2.1 LOW | 5.5 MEDIUM |
| Windows Event Tracing Information Disclosure Vulnerability | |||||
| CVE-2021-26989 | 1 NetApp | 1 Data ONTAP | 2021-03-17 | 3.5 LOW | 6.5 MEDIUM |
| Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. | |||||
| CVE-2021-28134 | 1 Clipper Project | 1 Clipper | 2021-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | |||||
| CVE-2021-26859 | 1 Microsoft | 1 Power BI Report Server | 2021-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Power BI Information Disclosure Vulnerability | |||||
| CVE-2021-25915 | 1 Changeset Project | 1 Changeset | 2021-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
