Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39994 | 1 Huawei | 1 Emui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2021-39991 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37115 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-43145 | 1 Zammad | 1 Zammad | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | |||||
| CVE-2021-29151 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29152 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29711 | 1 Ibm | 1 Urbancode Deploy | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965. | |||||
| CVE-2021-30918 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2022-07-12 | 2.1 LOW | 2.4 LOW |
| A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen. | |||||
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2020-4925 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. | |||||
| CVE-2021-28962 | 1 Stormshield | 1 Network Security | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | |||||
| CVE-2021-38989 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | |||||
| CVE-2021-32025 | 1 Blackberry | 4 Qnx Momentics, Qnx Os For Medical, Qnx Os For Safety and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. | |||||
| CVE-2021-38971 | 1 Ibm | 1 Data Virtualization On Cloud Pak For Data | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620. | |||||
| CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | |||||
| CVE-2021-4191 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | |||||
| CVE-2021-39746 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395 | |||||
| CVE-2021-39781 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502 | |||||
| CVE-2021-46742 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability. | |||||
| CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | |||||
| CVE-2021-45230 | 1 Apache | 1 Airflow | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. | |||||
| CVE-2021-0959 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-200284993 | |||||
| CVE-2021-37121 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. | |||||
| CVE-2021-45700 | 1 Nervos | 1 Ckb | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. | |||||
| CVE-2021-45510 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. | |||||
| CVE-2021-45498 | 1 Netgear | 2 R6700v2, R6700v2 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. | |||||
| CVE-2021-45496 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
| CVE-2021-27006 | 1 Netapp | 1 Storagegrid | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | |||||
| CVE-2021-39645 | 1 Google | 1 Android | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A | |||||
| CVE-2021-39641 | 1 Google | 1 Android | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A | |||||
| CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | |||||
| CVE-2021-43880 | 1 Microsoft | 1 Windows 11 | 2022-07-12 | 3.6 LOW | 5.5 MEDIUM |
| Windows Mobile Device Management Elevation of Privilege Vulnerability | |||||
| CVE-2021-43246 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2022-07-12 | 4.9 MEDIUM | 5.6 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-3705 | 1 Hp | 4 Laserjet Pro J8h60a, Laserjet Pro J8h60a Firmware, Laserjet Pro J8h61a and 1 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. | |||||
| CVE-2021-3440 | 1 Hp | 1 Hp Smart | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. | |||||
| CVE-2021-27004 | 1 Netapp | 1 Ontap System Manager | 2022-07-12 | 1.7 LOW | 5.5 MEDIUM |
| System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | |||||
| CVE-2021-37254 | 1 M-files | 1 M-files Web | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. | |||||
| CVE-2021-36991 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. | |||||
| CVE-2021-22470 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. | |||||
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | |||||
| CVE-2021-35559 | 4 Debian, Fedoraproject, Netapp and 1 more | 14 Debian Linux, Fedora, Active Iq Unified Manager and 11 more | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2021-35551 | 1 Oracle | 1 Database | 2022-07-12 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | |||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | |||||
| CVE-2021-39866 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. | |||||
| CVE-2021-41869 | 1 Salesagility | 1 Suitecrm | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | |||||
| CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2022-07-12 | 8.5 HIGH | 8.8 HIGH |
| Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | |||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | |||||
| CVE-2021-41011 | 1 Linecorp | 1 Line | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
| LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. | |||||
| CVE-2021-41393 | 1 Goteleport | 1 Teleport | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. | |||||