Total
3021 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1756 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. | |||||
CVE-2021-32453 | 1 Sitel-sa | 2 Cap\/prx, Cap\/prx Firmware | 2023-12-10 | 2.1 LOW | 3.3 LOW |
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the deviceĀ“s configuration. | |||||
CVE-2021-21740 | 1 Zte | 2 Zxhn H2640, Zxhn H2640 Firmware | 2023-12-10 | 2.1 LOW | 2.4 LOW |
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. | |||||
CVE-2021-35986 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-27913 | 1 Acquia | 1 Mautic | 2023-12-10 | 3.5 LOW | 3.5 LOW |
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. | |||||
CVE-2021-2411 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql Cluster | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2021-22747 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2023-12-10 | 2.1 LOW | 3.9 LOW |
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746. | |||||
CVE-2021-26908 | 1 Automox | 1 Automox | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | |||||
CVE-2021-3037 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 2.1 LOW | 2.3 LOW |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. | |||||
CVE-2021-36084 | 2 Fedoraproject, Selinux Project | 2 Fedora, Selinux | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). | |||||
CVE-2021-25366 | 1 Samsung | 1 Internet | 2023-12-10 | 3.6 LOW | 2.9 LOW |
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | |||||
CVE-2020-15279 | 1 Bitdefender | 1 Endpoint Security Tools | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. | |||||
CVE-2021-22308 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 2.1 LOW | 3.3 LOW |
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage. | |||||
CVE-2020-36473 | 1 Ucweb | 1 Ucweb Uc | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. | |||||
CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2023-12-10 | 2.1 LOW | 3.9 LOW |
Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. | |||||
CVE-2021-2326 | 1 Oracle | 1 Database Vault | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2021-30915 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 2.1 LOW | 2.4 LOW |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field. | |||||
CVE-2021-32002 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
CVE-2021-2232 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2023-12-10 | 1.9 LOW | 1.9 LOW |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2021-2336 | 1 Oracle | 1 Database | 2023-12-10 | 3.5 LOW | 3.5 LOW |
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). |