Total
9594 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-3677 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2024-11-21 | 6.5 Medium |
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | ||||
CVE-2021-3644 | 1 Redhat | 7 Descision Manager, Jboss Enterprise Application Platform, Jboss Enterprise Bpms Platform and 4 more | 2024-11-21 | 3.3 Low |
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | ||||
CVE-2021-3602 | 2 Buildah Project, Redhat | 4 Buildah, Enterprise Linux, Enterprise Linux For Ibm Z Systems and 1 more | 2024-11-21 | 5.5 Medium |
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). | ||||
CVE-2021-3590 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 8.8 High |
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2024-11-21 | 5.5 Medium |
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | ||||
CVE-2021-3566 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 5.5 Medium |
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | ||||
CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2024-11-21 | 5.9 Medium |
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | ||||
CVE-2021-3545 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. | ||||
CVE-2021-3503 | 1 Redhat | 1 Wildfly | 2024-11-21 | 4.3 Medium |
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. | ||||
CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 11 Debian Linux, Fedora, Cloud Backup and 8 more | 2024-11-21 | 5.7 Medium |
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | ||||
CVE-2021-3413 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman Azurerm | 2024-11-21 | 6.3 Medium |
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-3031 | 1 Paloaltonetworks | 14 Pa-200, Pa-2020, Pa-2050 and 11 more | 2024-11-21 | 4.3 Medium |
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. | ||||
CVE-2021-3024 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | ||||
CVE-2021-39980 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.3 Medium |
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure. | ||||
CVE-2021-39972 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. | ||||
CVE-2021-39941 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.7 Low |
An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members | ||||
CVE-2021-39898 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.7 Low |
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. | ||||
CVE-2021-39856 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.5 Medium |
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | ||||
CVE-2021-39855 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.5 Medium |
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | ||||
CVE-2021-39636 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel |