Total
2299 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31165 | 1 Microsoft | 6 Windows 10, Windows 10 1809, Windows 10 20h2 and 3 more | 2024-11-21 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-31158 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 6.5 Medium |
| In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | ||||
| CVE-2021-30987 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs. | ||||
| CVE-2021-30975 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 8.6 High |
| This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. | ||||
| CVE-2021-30972 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. | ||||
| CVE-2021-30925 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 9.1 Critical |
| The issue was addressed with improved permissions logic. This issue is fixed in watchOS 8, macOS Big Sur 11.6, iOS 15 and iPadOS 15. A malicious application may be able to bypass Privacy preferences. | ||||
| CVE-2021-30856 | 1 Apple | 1 Macos | 2024-11-21 | 9.1 Critical |
| This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. This issue is fixed in macOS Big Sur 11.3. A malicious unsandboxed app on a system with Remote Login enabled may bypass Privacy preferences. | ||||
| CVE-2021-30638 | 1 Apache | 1 Tapestry | 2024-11-21 | 7.5 High |
| Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. | ||||
| CVE-2021-30571 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 9.6 Critical |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-30539 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 5.4 Medium |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2021-30538 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2021-30537 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | ||||
| CVE-2021-30534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2021-30159 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | ||||
| CVE-2021-30155 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | ||||
| CVE-2021-2471 | 3 Oracle, Quarkus, Redhat | 11 Communications Cloud Native Core Console, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 8 more | 2024-11-21 | 5.9 Medium |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H). | ||||
| CVE-2021-29961 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | ||||
| CVE-2021-29959 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. | ||||
| CVE-2021-29951 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.5 Medium |
| The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | ||||
| CVE-2021-29943 | 1 Apache | 1 Solr | 2024-11-21 | 9.1 Critical |
| When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. | ||||