Total
35283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26943 | 1 Asus | 2 Ux360ca, Ux360ca Bios | 2024-11-21 | 8.2 High |
| The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). | ||||
| CVE-2021-26939 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 7.5 High |
| An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem | ||||
| CVE-2021-26934 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. | ||||
| CVE-2021-26933 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. | ||||
| CVE-2021-26932 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. | ||||
| CVE-2021-26930 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. | ||||
| CVE-2021-26917 | 1 Bitmessage | 1 Pybitmessage | 2024-11-21 | 5.5 Medium |
| PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker | ||||
| CVE-2021-26902 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-26901 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-26899 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows UPnP Device Host Elevation of Privilege Vulnerability | ||||
| CVE-2021-26898 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-26897 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 9.8 Critical |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2021-26896 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 7.5 High |
| Windows DNS Server Denial of Service Vulnerability | ||||
| CVE-2021-26895 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 9.8 Critical |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2021-26894 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 9.8 Critical |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2021-26893 | 1 Microsoft | 10 Windows Server 1909, Windows Server 2004, Windows Server 2008 and 7 more | 2024-11-21 | 9.8 Critical |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2021-26892 | 1 Microsoft | 11 Windows 10, Windows 10 1607, Windows 10 1803 and 8 more | 2024-11-21 | 6.2 Medium |
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2021-26891 | 1 Microsoft | 10 Windows 10, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | 7.8 High |
| Windows Container Execution Agent Elevation of Privilege Vulnerability | ||||
| CVE-2021-26890 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 7.8 High |
| Application Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2021-26886 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 6.1 Medium |
| User Profile Service Denial of Service Vulnerability | ||||