Export limit exceeded: 349231 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35113 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35113 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20478 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.3 Low |
| IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | ||||
| CVE-2021-20440 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 Medium |
| IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. | ||||
| CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 6.5 Medium |
| IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. | ||||
| CVE-2021-20422 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 7.5 High |
| IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | ||||
| CVE-2021-20404 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078. | ||||
| CVE-2021-20385 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.2 High |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766. | ||||
| CVE-2021-20380 | 1 Ibm | 1 Qradar Advisor With Watson | 2024-11-21 | 7.5 High |
| IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712. | ||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.5 High |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | ||||
| CVE-2021-20341 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. | ||||
| CVE-2021-20332 | 1 Mongodb | 1 Rust Driver | 2024-11-21 | 4.2 Medium |
| Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1 and MongoDB Rust Driver version 1.0.0 through to and including 1.2.1 | ||||
| CVE-2021-20306 | 1 Redhat | 3 Descision Manager, Jbpm, Process Automation | 2024-11-21 | 4.3 Medium |
| A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-20302 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20276 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-11-21 | 7.5 High |
| A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | ||||
| CVE-2021-20157 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 7.5 High |
| It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. | ||||
| CVE-2021-20135 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.7 Medium |
| Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). | ||||
| CVE-2021-20127 | 1 Draytek | 1 Vigorconnect | 2024-11-21 | 8.1 High |
| An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. | ||||
| CVE-2021-20121 | 1 Telus | 2 Prv65b444a-s-ts, Prv65b444a-s-ts Firmware | 2024-11-21 | 4.0 Medium |
| The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface. | ||||
| CVE-2021-20118 | 1 Tenable | 1 Nessus Agent | 2024-11-21 | 6.7 Medium |
| Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. | ||||
| CVE-2021-20117 | 1 Tenable | 1 Nessus Agent | 2024-11-21 | 6.7 Medium |
| Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. | ||||
| CVE-2021-20106 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.5 Medium |
| Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | ||||