Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43192 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. | |||||
| CVE-2021-43193 | 1 Jetbrains | 1 Teamcity | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | |||||
| CVE-2021-43194 | 1 Jetbrains | 1 Teamcity | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, user enumeration was possible. | |||||
| CVE-2021-43203 | 1 Jetbrains | 1 Ktor | 2021-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | |||||
| CVE-2021-38666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-10 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-43180 | 1 Jetbrains | 1 Hub | 2021-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | |||||
| CVE-2021-43181 | 1 Jetbrains | 1 Hub | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. | |||||
| CVE-2021-32482 | 1 Cloudera | 1 Cloudera Manager | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. | |||||
| CVE-2021-43182 | 1 Jetbrains | 1 Hub | 2021-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | |||||
| CVE-2021-43191 | 3 Apple, Google, Jetbrains | 3 Iphone Os, Android, Youtrack Mobile | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. | |||||
| CVE-2021-24625 | 1 Web-dorado | 1 Spidercatalog | 2021-11-10 | 6.5 MEDIUM | 7.2 HIGH |
| The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category | |||||
| CVE-2021-24616 | 1 Addtoany | 1 Addtoany Share Buttons | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-41222 | 1 Google | 1 Tensorflow | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-26443 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-10 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||
| CVE-2021-29243 | 1 Cloudera | 1 Cloudera Manager | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. | |||||
| CVE-2016-4450 | 3 Canonical, Debian, F5 | 3 Ubuntu Linux, Debian Linux, Nginx | 2021-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. | |||||
| CVE-2014-3556 | 1 F5 | 1 Nginx | 2021-11-10 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2014-3616 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-11-10 | 4.3 MEDIUM | N/A |
| nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | |||||
| CVE-2014-0088 | 1 F5 | 1 Nginx | 2021-11-10 | 7.5 HIGH | N/A |
| The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2014-0133 | 2 F5, Opensuse | 2 Nginx, Opensuse | 2021-11-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | |||||