Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43875 | 1 Microsoft | 2 365 Apps, Office | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-43248 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||
| CVE-2021-43247 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-43245 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital TV Tuner Elevation of Privilege Vulnerability | |||||
| CVE-2021-43240 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Set Short Name Elevation of Privilege Vulnerability | |||||
| CVE-2021-43239 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-43238 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Elevation of Privilege Vulnerability | |||||
| CVE-2021-43237 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Windows Setup Elevation of Privilege Vulnerability | |||||
| CVE-2021-43233 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 5.1 MEDIUM | 7.5 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-43232 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability | |||||
| CVE-2021-43228 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| SymCrypt Denial of Service Vulnerability | |||||
| CVE-2021-43223 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-43219 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| DirectX Graphics Kernel File Denial of Service Vulnerability | |||||
| CVE-2021-42312 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Defender for IOT Elevation of Privilege Vulnerability | |||||
| CVE-2021-40441 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Media Center Elevation of Privilege Vulnerability | |||||
| CVE-2021-40826 | 2 Clementine-player, Microsoft | 2 Clementine, Windows | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | |||||
| CVE-2021-38950 | 1 Ibm | 1 Mq For Hpe Nonstop | 2022-07-12 | 4.4 MEDIUM | 7.8 HIGH |
| IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. | |||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | |||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | |||||
| CVE-2021-40856 | 1 Auerswald | 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | |||||
| CVE-2021-29214 | 1 Hp | 1 Storeserv Management Console | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | |||||
| CVE-2021-37188 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | |||||
| CVE-2021-38951 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | |||||
| CVE-2021-38510 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-37075 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. | |||||
| CVE-2021-36180 | 1 Fortinet | 1 Fortiweb | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | |||||
| CVE-2021-26110 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. | |||||
| CVE-2021-44420 | 5 Canonical, Debian, Djangoproject and 2 more | 5 Ubuntu Linux, Debian Linux, Django and 2 more | 2022-07-12 | 7.5 HIGH | 7.3 HIGH |
| In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||||
| CVE-2021-44149 | 2 Linaro, Nxp | 2 Op-tee, I.mx 6ultralite | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. | |||||
| CVE-2021-34543 | 1 Bkw | 2 Solar-log 500, Solar-log 500 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. | |||||
| CVE-2021-37091 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. | |||||
| CVE-2021-37068 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Resource Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of Service Attacks. | |||||
| CVE-2021-37038 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22170 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content | |||||
| CVE-2021-43040 | 1 Kaseya | 1 Unitrends Backup | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | |||||
| CVE-2021-43034 | 1 Kaseya | 1 Unitrends Backup | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. | |||||
| CVE-2021-35413 | 1 Chamilo | 1 Chamilo Lms | 2022-07-12 | 6.0 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | |||||
| CVE-2021-44480 | 1 Wokkalokka | 2 Wokka Watch Q50, Wokka Watch Q50 Firmware | 2022-07-12 | 9.3 HIGH | 8.1 HIGH |
| Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | |||||
| CVE-2021-20864 | 1 Elecom | 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more | 2022-07-12 | 8.3 HIGH | 8.8 HIGH |
| Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2021-43771 | 1 Trendmicro | 1 Antivirus | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-38283 | 1 Wipro | 1 Holmes | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. | |||||
| CVE-2021-34424 | 5 Apple, Google, Linux and 2 more | 30 Iphone Os, Macos, Android and 27 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. | |||||
| CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-39976 | 1 Huawei | 2 Cloudengine 5800, Cloudengine 5800 Firmware | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. | |||||
| CVE-2021-44038 | 1 Quagga | 1 Quagga | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. | |||||
| CVE-2021-22966 | 1 Concretecms | 1 Concrete Cms | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: "Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )"This fix is also in Concrete version 9.0.0 | |||||
| CVE-2021-27024 | 1 Puppet | 1 Continuous Delivery | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0 | |||||
| CVE-2021-0151 | 1 Intel | 30 Ac1550, Ac1550 Firmware, Ac 3165 and 27 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0121 | 2 Ibm, Microsoft | 2 Iris Xe Max Dedicated Graphics, Windows 10 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-42955 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. | |||||