Total: 35190 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4171 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| calibre-web is vulnerable to Business Logic Errors | ||||
| CVE-2021-4160 | 4 Debian, Openssl, Oracle and 1 more | 8 Debian Linux, Openssl, Enterprise Manager Ops Center and 5 more | 2024-11-21 | 5.9 Medium |
| There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | ||||
| CVE-2021-4146 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 Medium |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. | ||||
| CVE-2021-4138 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 5.3 Medium |
| Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | ||||
| CVE-2021-4076 | 1 Tang Project | 1 Tang | 2024-11-21 | 7.5 High |
| A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | ||||
| CVE-2021-4054 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2021-4047 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 High |
| The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | ||||
| CVE-2021-4023 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | ||||
| CVE-2021-46899 | 1 Antonymale | 1 Synctrayzor | 2024-11-21 | 7.8 High |
| SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. | ||||
| CVE-2021-46895 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop. | ||||
| CVE-2021-46893 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-46892 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-46836 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-46812 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2021-46789 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | ||||
| CVE-2021-46788 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| Third-party pop-up window coverage vulnerability in the iConnect module. Successful exploitation of this vulnerability may cause system pop-up windows to be covered, misleading users into performing incorrect operations. | ||||
| CVE-2021-46787 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash. | ||||
| CVE-2021-46785 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| The Property module has a vulnerability in permission control. This vulnerability can be exploited to obtain the unique device identifier. | ||||
| CVE-2021-46774 | 1 Amd | 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more | 2024-11-21 | 6.7 Medium |
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | ||||
| CVE-2021-46771 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.8 High |
| Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | ||||