Total
35283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27047 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-27025 | 3 Fedoraproject, Puppet, Redhat | 8 Fedora, Puppet, Puppet Agent and 5 more | 2024-11-21 | 6.5 Medium |
| A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | ||||
| CVE-2021-27023 | 3 Fedoraproject, Puppet, Redhat | 7 Fedora, Puppet Agent, Puppet Enterprise and 4 more | 2024-11-21 | 9.8 Critical |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | ||||
| CVE-2021-27007 | 1 Netapp | 1 Virtual Desktop Service | 2024-11-21 | 9.8 Critical |
| NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. | ||||
| CVE-2021-27006 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 4.4 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | ||||
| CVE-2021-27005 | 1 Netapp | 1 Ontap System Manager | 2024-11-21 | 7.5 High |
| Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | ||||
| CVE-2021-27004 | 1 Netapp | 1 Ontap System Manager | 2024-11-21 | 5.5 Medium |
| System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | ||||
| CVE-2021-27002 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | ||||
| CVE-2021-27001 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.5 Medium |
| Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | ||||
| CVE-2021-26996 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 7.5 High |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. | ||||
| CVE-2021-26995 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 8.8 High |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. | ||||
| CVE-2021-26994 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 6.5 Medium |
| Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. | ||||
| CVE-2021-26993 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 5.3 Medium |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. | ||||
| CVE-2021-26992 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | ||||
| CVE-2021-26991 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 7.5 High |
| Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | ||||
| CVE-2021-26989 | 1 Netapp | 1 Data Ontap | 2024-11-21 | 6.5 Medium |
| Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. | ||||
| CVE-2021-26987 | 2 Netapp, Vmware | 4 Element Plug-in For Vcenter Server, Management Services For Element Software And Netapp Hci, Solidfire \& Hci Management Node and 1 more | 2024-11-21 | 9.8 Critical |
| Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | ||||
| CVE-2021-26971 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.3 Medium |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | ||||
| CVE-2021-26963 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | ||||
| CVE-2021-26956 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value. | ||||