Latest CVE Feed
-
5.5
MEDIUM
CVE-2021-33086
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.
Affected Products : nuc_8_rugged_kit_nuc8cchkr_firmware nuc_board_nuc8cchb_firmware nuc_kit_nuc7cjyh_firmware nuc_kit_nuc7pjyh_firmware nuc_kit_nuc6cays_firmware nuc_kit_nuc6cayh_firmware nuc_m15_laptop_kit_lapbc510_firmware nuc_m15_laptop_kit_lapbc710_firmware nuc_11_compute_element_cm11ebi38w_firmware nuc_11_compute_element_cm11ebi58w_firmware +196 more products
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUM
CVE-2021-33083
Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
Affected Products : optane_ssd_dc_p4800x_firmware optane_ssd_dc_p4801x_firmware optane_ssd_p5800x_firmware optane_memory_h20_with_solid_state_storage_firmware optane_memory_h10_with_solid_state_storage_firmware optane_ssd_905p_firmware optane_ssd_900p_firmware optane_ssd_dc_p4800x optane_ssd_900p optane_ssd_905p +4 more products
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-33073
Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO™ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access.
Affected Products : distribution_of_openvino_toolkit
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-33071
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected Products : oneapi_rendering_toolkit
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-33069
Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.
Affected Products : optane_ssd_dc_p4800x_firmware optane_ssd_dc_p4801x_firmware optane_ssd_p5800x_firmware optane_memory_h20_with_solid_state_storage_firmware optane_memory_h10_with_solid_state_storage_firmware optane_ssd_905p_firmware optane_ssd_900p_firmware optane_ssd_dc_p4800x optane_ssd_900p optane_ssd_905p +4 more products
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-33063
Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local access.
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-33062
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected Products : vtune_profiler
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUM
CVE-2021-33059
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15 may allow a privileged user to potentially enable escalation of privilege via local access.
Affected Products : administrative_tools_for_intel_network_adapters
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-33058
Improper access control in the installer Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows before version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access.
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-33057
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object...
Affected Products : qq
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-33056
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.
Affected Products : belle-sip
- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH
CVE-2021-33055
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-33054
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions afte...
- Published: Jun. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2021-33046
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Affected Products : sd6al_firmware sd50_firmware sd52c_firmware ipc-hx2xxx_firmware ipc-hx3xxx_firmware ipc-hx5xxx_firmware sd1a1_firmware sd22_firmware tpc-bf1241_firmware tpc-bf2221_firmware +46 more products
- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2021-33041
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.
Affected Products : vmd
- Published: May. 17, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2021-33040
managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.
Affected Products : epub.js
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-33038
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might...
- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically:...
Affected Products : debian_linux communications_policy_management communications_pricing_design_center mysql_enterprise_monitor tomcat hospitality_cruise_shipboard_property_management_system communications_cloud_native_core_policy agile_plm communications_diameter_signaling_router communications_instant_messaging_server +12 more products
- Published: Jul. 12, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH
CVE-2021-33036
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Affected Products : hadoop
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-33035
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A care...
Affected Products : openoffice
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024