Search Results (10135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22550 | 1 Google | 1 Asylo | 2024-11-21 | 6.5 Medium |
| An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c | ||||
| CVE-2021-22549 | 1 Google | 1 Asylo | 2024-11-21 | 6.5 Medium |
| An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c | ||||
| CVE-2021-22539 | 1 Google | 1 Bazel | 2024-11-21 | 8.2 High |
| An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. | ||||
| CVE-2021-22526 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 4.9 Medium |
| Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | ||||
| CVE-2021-22523 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 7.6 High |
| XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow control of the web browser and hijacking of user sessions. | ||||
| CVE-2021-22498 | 1 Microfocus | 1 Application Lifecycle Management | 2024-11-21 | 8.1 High |
| XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. | ||||
| CVE-2021-22468 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 3.3 Low |
| A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. | ||||
| CVE-2021-22454 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.5 Medium |
| A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause a core dump. | ||||
| CVE-2021-22420 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.8 High |
| A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism to be missing. | ||||
| CVE-2021-22385 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.8 High |
| A component of the Huawei smartphone has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | ||||
| CVE-2021-22338 | 1 Huawei | 2 Ecns280, Ecns280 Firmware | 2024-11-21 | 5.3 Medium |
| There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform strict validation of the input XML message. An attacker can send a specific message to exploit this vulnerability, leading to a denial of service of the module. | ||||
| CVE-2021-22221 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password has expired. | ||||
| CVE-2021-22158 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 7.2 High |
| The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. | ||||
| CVE-2021-22144 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 6.5 Medium |
| In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. | ||||
| CVE-2021-22140 | 1 Elastic | 1 Elastic App Search | 2024-11-21 | 7.5 High |
| Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files. | ||||
| CVE-2021-22136 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 Low |
| In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session from timing out. | ||||
| CVE-2021-22118 | 4 Netapp, Oracle, Redhat and 1 more | 34 Hci, Management Services For Element Software, Commerce Guided Search and 31 more | 2024-11-21 | 7.8 High |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | ||||
| CVE-2021-22098 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2024-11-21 | 6.1 Medium |
| UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability through social engineering, leading to takeover of victims' accounts in certain cases along with redirection of UAA users to malicious sites. | ||||
| CVE-2021-22047 | 1 Vmware | 1 Spring Data Rest | 2024-11-21 | 5.3 Medium |
| In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | ||||
| CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2024-11-21 | 7.5 High |
| In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces can involuntarily expose endpoints corresponding to `@RequestMapping`-annotated interface methods. | ||||