Total
10445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20631 | 1 Cybozu | 1 Office | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. | |||||
| CVE-2021-20611 | 1 Mitsubishi | 110 Melipc Mi5122-vw, Melipc Mi5122-vw Firmware, Melsec Iq-r R00 Cpu and 107 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | |||||
| CVE-2021-20601 | 1 Mitsubishielectric | 99 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2103-pmbds and 96 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction. | |||||
| CVE-2021-20583 | 1 Ibm | 1 Security Verify | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. IBM X-Force ID: 199396. | |||||
| CVE-2021-20569 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | |||||
| CVE-2021-20496 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | |||||
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
| CVE-2021-20329 | 1 Mongodb | 1 Go Driver | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0. | |||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20273 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | |||||
| CVE-2021-20252 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | |||||
| CVE-2021-1970 | 1 Qualcomm | 236 Apq8053, Apq8053 Firmware, Aqt1000 and 233 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-1969 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1968 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1965 | 1 Qualcomm | 252 Aqt1000, Aqt1000 Firmware, Ar9380 and 249 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1960 | 1 Qualcomm | 276 Aqt1000, Aqt1000 Firmware, Ar8031 and 273 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1807 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | |||||
| CVE-2021-1748 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2021-1602 | 1 Cisco | 6 Small Business Rv160, Small Business Rv160w, Small Business Rv260 and 3 more | 2024-11-21 | 10.0 HIGH | 8.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. | |||||