Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12893 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | |||||
| CVE-2021-41271 | 1 Discourse | 1 Discourse | 2021-11-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. | |||||
| CVE-2020-14062 | 4 Debian, Fasterxml, Netapp and 1 more | 13 Debian Linux, Jackson-databind, Active Iq Unified Manager and 10 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | |||||
| CVE-2020-14195 | 4 Debian, Fasterxml, Netapp and 1 more | 14 Debian Linux, Jackson-databind, Active Iq Unified Manager and 11 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | |||||
| CVE-2020-14060 | 3 Fasterxml, Netapp, Oracle | 12 Jackson-databind, Active Iq Unified Manager, Steelstore Cloud Integrated Storage and 9 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | |||||
| CVE-2021-37580 | 1 Apache | 1 Shenyu | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 | |||||
| CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-11-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | |||||
| CVE-2021-28145 | 1 Concretecms | 1 Concrete Cms | 2021-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | |||||
| CVE-2021-38882 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2021-11-17 | 2.1 LOW | 4.4 MEDIUM |
| IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164. | |||||
| CVE-2020-12960 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 2.1 LOW | 5.5 MEDIUM |
| AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). | |||||
| CVE-2021-42300 | 1 Microsoft | 1 Azure Sphere | 2021-11-17 | 4.6 MEDIUM | 6.7 MEDIUM |
| Azure Sphere Tampering Vulnerability | |||||
| CVE-2021-42298 | 1 Microsoft | 1 Malware Protection Engine | 2021-11-17 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-43278 | 1 Opendesign | 1 Drawings Software Developemnt Kit | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-43277 | 1 Opendesign | 1 Oda Prc Software Development Kit | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. | |||||
| CVE-2021-43276 | 1 Opendesign | 1 Oda Viewer | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process | |||||
| CVE-2021-43275 | 1 Opendesign | 1 Drawings Software Development Kit | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2021-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | |||||
| CVE-2021-3915 | 1 Bookstackapp | 1 Bookstack | 2021-11-17 | 3.5 LOW | 5.7 MEDIUM |
| bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2021-36305 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | |||||
| CVE-2021-25940 | 1 Arangodb | 1 Arangodb | 2021-11-17 | 6.0 MEDIUM | 8.0 HIGH |
| In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system. | |||||