Total: 29694 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32689 | 1 Nextcloud | 1 Talk | 2024-11-21 | 8.1 High |
| Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don't allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so. | ||||
| CVE-2021-32680 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 3.3 Low |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. | ||||
| CVE-2021-32656 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.6 High |
| Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings. | ||||
| CVE-2021-32655 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist. | ||||
| CVE-2021-32635 | 1 Sylabs | 1 Singularity | 2024-11-21 | 6.3 Medium |
| Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands (`run`/`shell`/`exec`) against `library://` URIs are affected. Other commands such as `pull` / `push` respect the configured remote endpoint. The vulnerability is patched in Singularity version 3.7.4. Two possible workarounds exist: users can only interact with the default remote endpoint, or an installation can have an execution control list configured to restrict execution to containers signed with specific secure keys. | ||||
| CVE-2021-32591 | 1 Fortinet | 4 Fortiadc, Fortimail, Fortisandbox and 1 more | 2024-11-21 | 5.3 Medium |
| A missing cryptographic step vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, and FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. | ||||
| CVE-2021-32587 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.3 Medium |
| An improper access control vulnerability in the FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, and 5.6.11 and below may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. | ||||
| CVE-2021-32523 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.1 Critical |
| An improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. It is suggested to contact QSAN and refer to the recommendations in the QSAN document. | ||||
| CVE-2021-32517 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 High |
| An improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32514 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 High |
| An improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32511 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 4.3 Medium |
| A directory listing vulnerability in ViewBroserList in QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32483 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 5.3 Medium |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. | ||||
| CVE-2021-32462 | 2 Microsoft, Trendmicro | 2 Windows, Password Manager | 2024-11-21 | 8.8 High |
| Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. | ||||
| CVE-2021-32100 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6.5 Medium |
| A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. | ||||
| CVE-2021-32077 | 1 Veritystream | 1 Msow Solutions | 2024-11-21 | 7.5 High |
| Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII. | ||||
| CVE-2021-32071 | 1 Mitel | 1 Micollab | 2024-11-21 | 9.8 Critical |
| The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. | ||||
| CVE-2021-32004 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 3.7 Low |
| This issue affects: Secomea GateManager, all versions prior to 9.6. An improper check of the Host header in the web server of Secomea GateManager allows an attacker to cause browser cache poisoning. | ||||
| CVE-2021-32002 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2024-11-21 | 4.3 Medium |
| An improper access control vulnerability in the web service of Secomea SiteManager allows a local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager, all versions prior to 9.5 on hardware. | ||||
| CVE-2021-32001 | 1 Suse | 2 Rancher K3s, Rancher Rke2 | 2024-11-21 | 6.5 Medium |
| K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. | ||||
| CVE-2021-31987 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-11-21 | 7.5 High |
| A user-controlled parameter related to the SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients. | ||||