Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41748 | 2021-12-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41874. Reason: This candidate is a duplicate of CVE-2021-41874. Notes: All CVE users should reference CVE-2021-41874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-33035 | 1 Apache | 1 Openoffice | 2021-12-01 | 6.8 MEDIUM | 7.8 HIGH |
| Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10 | |||||
| CVE-2021-41382 | 1 Plasticscm | 1 Plastic Scm | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. | |||||
| CVE-2021-36328 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | |||||
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
| CVE-2021-36326 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | |||||
| CVE-2021-43268 | 1 Windriver | 1 Vxworks | 2021-12-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | |||||
| CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2021-12-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. | |||||
| CVE-2021-20858 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-3727 | 1 Planetargon | 1 Oh My Zsh | 2021-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function). | |||||
| CVE-2021-43778 | 1 Glpi-project | 1 Barcode | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file. | |||||
| CVE-2020-9803 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-9806 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-9807 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3900 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3899 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-11-30 | 9.3 HIGH | 8.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2020-3895 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-11-30 | 9.3 HIGH | 8.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-27158 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2021-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | |||||
| CVE-2020-25765 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2021-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | |||||
| CVE-2020-13414 | 1 Aviatrix | 2 Controller, Gateway | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | |||||