Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42025 | 1 Mendix | 1 Mendix | 2021-11-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to it. | |||||
| CVE-2021-40501 | 1 Sap | 1 Abap Platform Kernel | 2021-11-12 | 5.5 MEDIUM | 8.1 HIGH |
| SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system. | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-38887 | 1 Ibm | 1 Infosphere Information Server | 2021-11-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. | |||||
| CVE-2021-41378 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| Windows NTFS Remote Code Execution Vulnerability | |||||
| CVE-2021-25975 | 1 Publify Project | 1 Publify | 2021-11-12 | 3.5 LOW | 5.4 MEDIUM |
| In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded HTML file. | |||||
| CVE-2021-25974 | 1 Publify Project | 1 Publify | 2021-11-12 | 3.5 LOW | 5.4 MEDIUM |
| In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | |||||
| CVE-2021-42015 | 1 Mendix | 1 Mendix | 2021-11-12 | 1.9 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache. | |||||
| CVE-2021-41379 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-42274 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-12 | 2.1 LOW | 6.5 MEDIUM |
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | |||||
| CVE-2021-33624 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2021-11-12 | 4.7 MEDIUM | 4.7 MEDIUM |
| In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | |||||
| CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
| CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-43569 | 1 Starkbank | 1 Ecdsa-dotnet | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43568 | 1 Starkbank | 1 Elixir Ecdsa | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43571 | 1 Starkbank | 1 Ecdsa-node | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43570 | 1 Starkbank | 1 Ecdsa-java | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-42277 | 1 Microsoft | 8 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 5 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||
| CVE-2021-37157 | 1 Opengamepanel | 1 Opengamepanel | 2021-11-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. | |||||
| CVE-2021-37158 | 1 Opengamepanel | 1 Opengamepanel | 2021-11-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command. | |||||
