Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32031 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. | |||||
| CVE-2022-32030 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. | |||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | |||||
| CVE-2022-30707 | 1 Yokogawa | 11 B\/m9000 Vp, B\/m9000cs, Centum Cs 3000 and 8 more | 2023-08-08 | 5.4 MEDIUM | 8.8 HIGH |
| Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | |||||
| CVE-2022-23171 | 2 Atlasvpn, Microsoft | 2 Atlasvpn, Windows | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed. | |||||
| CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | |||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | |||||
| CVE-2022-33751 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | |||||
| CVE-2022-31849 | 1 Mercurycom | 2 Mipc451-4, Mipc451-4 Firmware | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. | |||||
| CVE-2022-30023 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | |||||
| CVE-2022-20203 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-20204 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100 | |||||
| CVE-2021-39971 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. | |||||
| CVE-2021-30289 | 1 Qualcomm | 206 Apq8009w, Apq8009w Firmware, Apq8017 and 203 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-45972 | 2 Debian, Giftrans Project | 2 Debian Linux, Giftrans | 2023-08-08 | 5.8 MEDIUM | 7.1 HIGH |
| The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. | |||||
| CVE-2021-37571 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2023-08-08 | 9.3 HIGH | 8.8 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write). | |||||
| CVE-2021-40161 | 1 Autodesk | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | |||||
| CVE-2021-39640 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A | |||||
| CVE-2021-37078 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. | |||||
| CVE-2021-37014 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly. | |||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | |||||
| CVE-2021-22406 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | |||||
| CVE-2021-30807 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2021-41357 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40450 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40449 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | |||||
| CVE-2021-38163 | 1 Sap | 1 Netweaver | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. | |||||
| CVE-2021-30983 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-36762 | 1 Hcc-embedded | 1 Nichestack | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range). | |||||
| CVE-2021-24018 | 1 Fortinet | 1 Fortios | 2023-08-08 | 5.8 MEDIUM | 8.8 HIGH |
| A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | |||||
| CVE-2021-34548 | 1 Torproject | 1 Tor | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2021-0056 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-1083 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||
| CVE-2021-1082 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7) | |||||
| CVE-2021-1081 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7). | |||||
| CVE-2021-29424 | 2 Fedoraproject, Net\ | 2 Fedora, \ | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | |||||
| CVE-2021-1782 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-29662 | 2 Data\, Netapp | 2 \, Snapcenter | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | |||||
| CVE-2021-0109 | 1 Intel | 2 Compute Stick Stk1a32sc, Compute Stick Stk1a32sc Firmware | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-25298 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2021-25297 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2021-25296 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2021-1062 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1058 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2022-20138 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972 | |||||
| CVE-2022-20137 | 1 Google | 1 Android | 2023-08-08 | 6.9 MEDIUM | 7.3 HIGH |
| In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392 | |||||
| CVE-2022-20133 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 | |||||
| CVE-2022-20131 | 1 Google | 1 Android | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662 | |||||