ReportizFlow
Filtered by vendor
Subscriptions
Total
1411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41035 | 2 Eclipse, Redhat | 3 Openj9, Enterprise Linux, Rhel Extras | 2024-11-21 | 9.8 Critical |
| In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | ||||
| CVE-2021-40649 | 1 Softwareag | 1 Connx | 2024-11-21 | 6.5 Medium |
| In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | ||||
| CVE-2021-40343 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | ||||
| CVE-2021-40331 | 1 Apache | 1 Ranger | 2024-11-21 | 8.1 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | ||||
| CVE-2021-40101 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. | ||||
| CVE-2021-40067 | 1 Netmotionsoftware | 1 Mobility | 2024-11-21 | 6.8 Medium |
| The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14. | ||||
| CVE-2021-40066 | 1 Netmotionsoftware | 1 Mobility | 2024-11-21 | 5.3 Medium |
| The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14. | ||||
| CVE-2021-3747 | 2 Apple, Canonical | 2 Macos, Multipass | 2024-11-21 | 8.8 High |
| The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | ||||
| CVE-2021-3706 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 7.5 High |
| adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | ||||
| CVE-2021-3631 | 2 Netapp, Redhat | 5 Ontap Select Deploy Administration Utility, Advanced Virtualization, Enterprise Linux and 2 more | 2024-11-21 | 6.3 Medium |
| A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3557 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 6.5 Medium |
| A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3165 | 1 Missionlabs | 1 Smartagent | 2024-11-21 | 8.8 High |
| SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. | ||||
| CVE-2021-39992 | 1 Huawei | 1 Emui | 2024-11-21 | 7.8 High |
| There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-39868 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. | ||||
| CVE-2021-39627 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549 | ||||
| CVE-2021-39621 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319 | ||||
| CVE-2021-39235 | 1 Apache | 1 Ozone | 2024-11-21 | 6.5 Medium |
| In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. | ||||
| CVE-2021-39210 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.5 Medium |
| GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature. | ||||
| CVE-2021-38879 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 5.3 Medium |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | ||||
| CVE-2021-38590 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 Medium |
| In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). | ||||