Total
29515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30988 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. | |||||
| CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
| CVE-2021-30850 | 1 Apple | 3 Mac Os X, Macos, Tvos | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. | |||||
| CVE-2021-30816 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | |||||
| CVE-2021-30783 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-30641 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | |||||
| CVE-2021-30584 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-30583 | 3 Apple, Fedoraproject, Google | 3 Iphone Os, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-30580 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page. | |||||
| CVE-2021-30558 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2021-30532 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30531 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30503 | 1 Glsl Linting Project | 1 Glsl Linting | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. | |||||
| CVE-2021-30349 | 1 Qualcomm | 282 Aqt1000, Aqt1000 Firmware, Ar8031 and 279 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30344 | 1 Qualcomm | 294 Apq8009w, Apq8009w Firmware, Apq8017 and 291 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30276 | 1 Qualcomm | 116 Ar8035, Ar8035 Firmware, Qca6390 and 113 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
| Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30192 | 1 Codesys | 1 V2 Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | |||||
| CVE-2021-30162 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). | |||||
| CVE-2021-30132 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. | |||||
| CVE-2021-30127 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. | |||||