Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28275 | 1 Jhead Project | 1 Jhead | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. | |||||
| CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | |||||
| CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. | |||||
| CVE-2021-43961 | 1 Sonatype | 1 Nexus Repository Manager | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | |||||
| CVE-2021-39792 | 1 Google | 1 Android | 2022-07-12 | 1.9 LOW | 4.1 MEDIUM |
| In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel | |||||
| CVE-2021-39689 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206090748 | |||||
| CVE-2021-39624 | 1 Google | 1 Android | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-67862680 | |||||
| CVE-2021-45852 | 1 Projectworlds | 1 Hospital Management System In Php | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. | |||||
| CVE-2021-38971 | 1 Ibm | 1 Data Virtualization On Cloud Pak For Data | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620. | |||||
| CVE-2021-39025 | 1 Ibm | 1 Guardium Data Encryption | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. | |||||
| CVE-2021-41657 | 1 Smartbear | 1 Codecollaborator | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2022-07-12 | 3.6 LOW | 6.0 MEDIUM |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | |||||
| CVE-2021-38989 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | |||||
| CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | |||||
| CVE-2021-41003 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2021-45864 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. | |||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2022-07-12 | 4.0 MEDIUM | 4.5 MEDIUM |
| A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | |||||
| CVE-2021-38955 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | |||||
| CVE-2020-4925 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. | |||||
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | |||||
| CVE-2021-46701 | 1 Premid | 1 Premid | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord. | |||||
| CVE-2021-39026 | 1 Ibm | 1 Guardium Data Encryption | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964. | |||||
| CVE-2021-46249 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps. | |||||
| CVE-2021-43948 | 1 Atlassian | 1 Jira Service Management | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43950 | 1 Atlassian | 1 Jira Service Management | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-45310 | 1 Sangoma | 1 Switchvox | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser. | |||||
| CVE-2021-39991 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39986 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37115 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-33119 | 1 Intel | 1 Realsense Depth Camera Manager | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0171 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0167 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0124 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2022-07-12 | 4.6 MEDIUM | 6.6 MEDIUM |
| Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-0103 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0060 | 2 Intel, Netapp | 190 11th Generation Core Series Firmware, Atom C3000 Series Firmware, Atom C3308 and 187 more | 2022-07-12 | 7.2 HIGH | 6.6 MEDIUM |
| Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-36177 | 1 Fortinet | 1 Fortiauthenticator | 2022-07-12 | 3.3 LOW | 4.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. | |||||
| CVE-2021-46658 | 1 Mariadb | 1 Mariadb | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | |||||
| CVE-2021-46657 | 1 Mariadb | 1 Mariadb | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | |||||
| CVE-2021-45226 | 1 Coins-global | 1 Construction Cloud | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. | |||||
| CVE-2021-45230 | 1 Apache | 1 Airflow | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. | |||||
| CVE-2021-44836 | 1 Deltarm | 1 Delta Rm | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened. | |||||
| CVE-2021-41551 | 1 Leostream | 1 Connection Broker | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | |||||
| CVE-2021-23566 | 1 Nanoid Project | 1 Nanoid | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. | |||||
| CVE-2021-43974 | 1 Sysaid | 1 Itil | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication. | |||||
| CVE-2021-44590 | 1 Libming | 1 Libming | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | |||||
| CVE-2021-43946 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0. | |||||
| CVE-2021-39980 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure. | |||||
| CVE-2021-43333 | 1 Datalogic | 1 Dxu | 2022-07-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings. | |||||