Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32551 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | |||||
| CVE-2021-38872 | 1 Ibm | 1 Datapower Gateway | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. | |||||
| CVE-2021-33123 | 1 Intel | 1346 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 1343 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-33122 | 1 Intel | 466 Celeron N4000, Celeron N4000 Firmware, Celeron N4020 and 463 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-26258 | 1 Intel | 1 Killer Control Center | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0194 | 1 Intel | 1 In-band Manageability | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | |||||
| CVE-2021-3254 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. | |||||
| CVE-2021-41020 | 1 Fortinet | 1 Fortiisolator | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. | |||||
| CVE-2021-43164 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | |||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | |||||
| CVE-2021-45602 | 1 Netgear | 36 D7800, D7800 Firmware, Ex2700 and 33 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. | |||||
| CVE-2021-45510 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. | |||||
| CVE-2021-45506 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45505 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45503 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45502 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45500 | 1 Netgear | 4 R7000p, R7000p Firmware, R8000 and 1 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. | |||||
| CVE-2021-45499 | 1 Netgear | 14 R6900p, R6900p Firmware, R7000p and 11 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. | |||||
| CVE-2021-1784 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2021-30798 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-28701 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-07-12 | 4.4 MEDIUM | 7.8 HIGH |
| Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. | |||||
| CVE-2021-38142 | 1 Barco | 1 Mirrorop Windows Sender | 2022-07-12 | 7.2 HIGH | 8.8 HIGH |
| Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS). | |||||
| CVE-2021-38617 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | |||||
| CVE-2021-38616 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. | |||||
| CVE-2021-38615 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | |||||
| CVE-2021-36744 | 2 Microsoft, Trendmicro | 5 Windows, Maximum Security 2019, Maximum Security 2020 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. | |||||
| CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | |||||
| CVE-2021-40385 | 1 Kaseya | 1 Unitrends Backup Software | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. | |||||
| CVE-2021-40382 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access. | |||||
| CVE-2021-40381 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access. | |||||
| CVE-2021-40380 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials. | |||||
| CVE-2021-40379 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization. | |||||
| CVE-2021-35508 | 1 Terarecon | 1 Aquariusnet | 2022-07-12 | 8.5 HIGH | 8.8 HIGH |
| NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service. | |||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | |||||
| CVE-2021-22944 | 1 Ui | 1 Unifi Protect | 2022-07-12 | 7.7 HIGH | 8.0 HIGH |
| A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. | |||||
| CVE-2021-28697 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. | |||||
| CVE-2021-44595 | 1 Wondershare | 1 Dr.fone | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | |||||
| CVE-2021-38919 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 | |||||
| CVE-2021-46167 | 1 Pd065 Project | 2 Pd065, Pd065 Firmware | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | |||||
| CVE-2021-44520 | 1 Citrix | 1 Xenmobile Server | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | |||||
| CVE-2021-39808 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086 | |||||
| CVE-2021-39802 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel | |||||
| CVE-2021-39799 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-200288596 | |||||
| CVE-2021-37292 | 1 Kevinlab | 1 4st L-bems | 2022-07-12 | 9.0 HIGH | 7.2 HIGH |
| An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control. | |||||
| CVE-2021-43483 | 1 Claro | 2 Kaon Cg3000, Kaon Cg3000 Firmware | 2022-07-12 | 5.2 MEDIUM | 8.0 HIGH |
| An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication. | |||||
| CVE-2021-46418 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | |||||
| CVE-2021-45104 | 1 Wisc | 1 Htcondor | 2022-07-12 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. | |||||
| CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | |||||
| CVE-2021-39114 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||