ReportizFlow
Filtered by vendor
Subscriptions
Total
4191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28511 | 1 Arista | 16 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 13 more | 2024-11-21 | 5.8 Medium |
| This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. | ||||
| CVE-2021-28507 | 1 Arista | 1 Eos | 2024-11-21 | 5.5 Medium |
| An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | ||||
| CVE-2021-28505 | 1 Arista | 18 Ccs-710p-12, Ccs-710p-16p, Ccs-720xp-24y6 and 15 more | 2024-11-21 | 7.5 High |
| On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | ||||
| CVE-2021-28504 | 1 Arista | 18 Ccs-710p-12, Ccs-710p-16p, Ccs-720xp-24y6 and 15 more | 2024-11-21 | 7.5 High |
| On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected. | ||||
| CVE-2021-28129 | 1 Apache | 1 Openoffice | 2024-11-21 | 7.8 High |
| While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | ||||
| CVE-2021-27653 | 1 Pega | 1 Infinity | 2024-11-21 | 6.6 Medium |
| Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | ||||
| CVE-2021-27598 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.3 Medium |
| SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | ||||
| CVE-2021-27258 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903. | ||||
| CVE-2021-26909 | 1 Automox | 1 Automox | 2024-11-21 | 3.7 Low |
| Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | ||||
| CVE-2021-26627 | 1 Qcp | 2 Qcp200w, Qcp200w Firmware | 2024-11-21 | 7.5 High |
| Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image. | ||||
| CVE-2021-26338 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 7.5 High |
| Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. | ||||
| CVE-2021-26334 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-11-21 | 9.9 Critical |
| The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||||
| CVE-2021-26262 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 6.2 Medium |
| Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-21 | 4.7 Medium |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | ||||
| CVE-2021-25954 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.3 Medium |
| In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint. | ||||
| CVE-2021-25672 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. | ||||
| CVE-2021-25501 | 1 Google | 1 Android | 2024-11-21 | 5.7 Medium |
| An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. | ||||
| CVE-2021-25463 | 1 Samsung | 1 Penup | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | ||||
| CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2024-11-21 | 5.3 Medium |
| Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. | ||||
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.3 Medium |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. | ||||