Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0158 | 1 Intel | 484 Celeron N2805, Celeron N2806, Celeron N2807 and 481 more | 2021-11-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0182 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2021-11-22 | 2.1 LOW | 6.2 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0180 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2021-11-22 | 4.6 MEDIUM | 8.4 HIGH |
| Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. | |||||
| CVE-2021-33073 | 1 Intel | 1 Distribution Of Openvino Toolkit | 2021-11-22 | 2.1 LOW | 5.5 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-0120 | 2 Intel, Microsoft | 2 Graphics Driver, Windows 10 | 2021-11-22 | 2.1 LOW | 5.5 MEDIUM |
| Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-33071 | 1 Intel | 1 Oneapi Rendering Toolkit | 2021-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2021-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-8070 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more | 2021-11-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | |||||
| CVE-2019-8069 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more | 2021-11-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | |||||
| CVE-2021-33087 | 1 Intel | 3 Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710, Nuc M15 Laptop Kit Management Engine Driver Pack | 2021-11-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-35618 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2021-11-22 | 1.4 LOW | 1.8 LOW |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2021-35621 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2021-11-22 | 4.0 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-22 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2021-11-22 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2021-11-22 | 4.0 MEDIUM | 7.2 HIGH |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | |||||
| CVE-2019-16451 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-16230 | 1 Hms-networks | 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more | 2021-11-22 | 2.1 LOW | 2.3 LOW |
| All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. | |||||
| CVE-2020-16227 | 1 Deltaww | 1 Tpeditor | 2021-11-22 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16215 | 1 Advantech | 1 Webaccess\/hmi Designer | 2021-11-22 | 9.3 HIGH | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2019-8196 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||