Total
2299 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-24207 | 1 Themeum | 1 Wp Page Builder | 2024-11-21 | 4.3 Medium |
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. | ||||
CVE-2021-23803 | 1 Nette | 1 Latte | 2024-11-21 | 9.8 Critical |
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. | ||||
CVE-2021-23175 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 8.2 High |
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. | ||||
CVE-2021-23015 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 7.2 High |
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2021-22966 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: "Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )"This fix is also in Concrete version 9.0.0 | ||||
CVE-2021-22543 | 5 Debian, Fedoraproject, Linux and 2 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-11-21 | 7.8 High |
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | ||||
CVE-2021-22535 | 1 Microfocus | 1 Netiq Directory And Resource Administrator | 2024-11-21 | 4.9 Medium |
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. | ||||
CVE-2021-22521 | 1 Microfocus | 2 Zenworks Configuration Management, Zenworks Endpoint Security Management | 2024-11-21 | 6.7 Medium |
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. | ||||
CVE-2021-22515 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-11-21 | 4.8 Medium |
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | ||||
CVE-2021-22398 | 1 Huawei | 8 Hulk-al00c, Hulk-al00c Firmware, Jennifer-an00c and 5 more | 2024-11-21 | 4.6 Medium |
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1). | ||||
CVE-2021-22389 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.8 Critical |
There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | ||||
CVE-2021-22262 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page | ||||
CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | ||||
CVE-2021-22253 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | ||||
CVE-2021-22251 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings | ||||
CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | ||||
CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | ||||
CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.2 Medium |
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | ||||
CVE-2021-22239 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. | ||||
CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 Medium |
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. |