Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30945 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-29873 | 1 Ibm | 12 Flashsystem 9000, Flashsystem 9000 Firmware, Flashsystem 9100 and 9 more | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. | |||||
| CVE-2021-43055 | 1 Tibco | 1 Eftl | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | |||||
| CVE-2021-29908 | 1 Ibm | 2 Ts7700, Ts7700 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | |||||
| CVE-2021-29760 | 1 Ibm | 1 Sterling B2b Integrator | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. | |||||
| CVE-2021-36986 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | |||||
| CVE-2021-43219 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| DirectX Graphics Kernel File Denial of Service Vulnerability | |||||
| CVE-2021-43232 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability | |||||
| CVE-2021-41874 | 1 Portainer | 1 Portainer | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. | |||||
| CVE-2020-21014 | 1 Emlog | 1 Emlog | 2022-07-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | |||||
| CVE-2021-39070 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. | |||||
| CVE-2021-41504 | 1 Dlink | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2022-07-12 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-38872 | 1 Ibm | 1 Datapower Gateway | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. | |||||
| CVE-2021-35550 | 4 Debian, Fedoraproject, Netapp and 1 more | 13 Debian Linux, Fedora, Active Iq Unified Manager and 10 more | 2022-07-12 | 7.1 HIGH | 5.9 MEDIUM |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2021-39644 | 1 Google | 1 Android | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A | |||||
| CVE-2021-21992 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. | |||||
| CVE-2021-43891 | 1 Microsoft | 1 Visual Studio Code | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-27005 | 1 Netapp | 1 Ontap System Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | |||||
| CVE-2021-20106 | 1 Tenable | 1 Nessus | 2022-07-12 | 8.5 HIGH | 6.5 MEDIUM |
| Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | |||||
| CVE-2021-29745 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695. | |||||
| CVE-2021-38788 | 1 Allwinnertech | 2 Android Q Sdk, R818 | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of applications allowed to run in the background to 0 and add themselves to the whitelist, so that once other applications enter the background, they will be forcibly stopped by the system, causing a denial of service. | |||||
| CVE-2021-42773 | 1 Broadcom | 1 Emulex Hba Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42002 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | |||||
| CVE-2021-40991 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-38539 | 1 Netgear | 24 D8500, D8500 Firmware, R6400 and 21 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before 1.0.2.130. | |||||
| CVE-2021-45501 | 1 Netgear | 38 Ac2400, Ac2400 Firmware, Ac2600 and 35 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84. | |||||
| CVE-2020-28419 | 1 Hp | 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| During installation with certain driver software or application packages an arbitrary code execution could occur. | |||||
| CVE-2021-45495 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. | |||||
| CVE-2021-45497 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
| CVE-2021-45511 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27. | |||||
| CVE-2021-40990 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-40989 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29707 | 1 Ibm | 1 Hardware Management Console | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. | |||||
| CVE-2021-39884 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project. | |||||
| CVE-2021-39123 | 1 Atlassian | 2 Data Center, Jira | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0. | |||||
| CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | |||||
| CVE-2021-22057 | 2 Linux, Vmware | 2 Linux Kernel, Workspace One Access | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. | |||||
| CVE-2021-43875 | 1 Microsoft | 2 365 Apps, Office | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-35225 | 1 Solarwinds | 1 Network Performance Monitor | 2022-07-12 | 5.5 MEDIUM | 6.4 MEDIUM |
| Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination. | |||||
| CVE-2020-12900 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. | |||||
| CVE-2021-42312 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Defender for IOT Elevation of Privilege Vulnerability | |||||
| CVE-2021-36791 | 1 Dated News Project | 1 Dated News | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | |||||
| CVE-2021-20540 | 1 Ibm | 1 Cloud Pak For Security | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. | |||||
| CVE-2021-36923 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-29774 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2022-07-12 | 6.0 MEDIUM | 7.5 HIGH |
| IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. | |||||
| CVE-2021-20541 | 1 Ibm | 1 Cloud Pak For Security | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927. | |||||
| CVE-2021-37736 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. | |||||
| CVE-2021-45499 | 1 Netgear | 14 R6900p, R6900p Firmware, R7000p and 11 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. | |||||
| CVE-2021-45507 | 1 Netgear | 20 Cbr40, Cbr40 Firmware, Cbr750 and 17 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS40V before 2.6.2.8. | |||||