Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38989 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | |||||
| CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | |||||
| CVE-2021-46384 | 1 Mingsoft | 1 Mcms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. | |||||
| CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | |||||
| CVE-2021-41003 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2021-45864 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. | |||||
| CVE-2021-41282 | 1 Pfsense | 1 Pfsense | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | |||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2022-07-12 | 4.0 MEDIUM | 4.5 MEDIUM |
| An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets. | |||||
| CVE-2021-36166 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | |||||
| CVE-2021-38955 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | |||||
| CVE-2020-4925 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests. IBM X-Force ID: 191599. | |||||
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2020-22844 | 1 Mikrotik | 1 Routeros | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | |||||
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | |||||
| CVE-2021-40046 | 1 Huawei | 1 Pcmanager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| PCManager version 11.1.1.95 has a privilege escalation vulnerability. Successful exploitation could allow an attacker to access certain resources beyond its privilege. | |||||
| CVE-2021-22448 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. | |||||
| CVE-2021-22430 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. | |||||
| CVE-2021-44664 | 1 Xerte | 1 Xerte | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable. | |||||
| CVE-2021-44550 | 1 Stanford | 1 Corenlp | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | |||||
| CVE-2021-46701 | 1 Premid | 1 Premid | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord. | |||||
| CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | |||||
| CVE-2021-46063 | 1 Mingsoft | 1 Mcms | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | |||||
| CVE-2021-39026 | 1 Ibm | 1 Guardium Data Encryption | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964. | |||||
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
| CVE-2021-46249 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps. | |||||
| CVE-2021-43948 | 1 Atlassian | 1 Jira Service Management | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43950 | 1 Atlassian | 1 Jira Service Management | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-45310 | 1 Sangoma | 1 Switchvox | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. User information such as first name, last name, account id, server uuid, email address, profile image, number, timestamps, etc. can be extracted by sending an unauthenticated HTTP GET request to https://Switchvox-IP/main?cmd=invalid_browser. | |||||
| CVE-2021-46371 | 1 Antd-admin Project | 1 Antd-admin | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information. | |||||
| CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced. | |||||
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | |||||
| CVE-2021-39662 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-197302116 | |||||
| CVE-2021-39619 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-197399948 | |||||
| CVE-2021-31932 | 1 Nokia | 1 Bts Trs Web Console | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | |||||
| CVE-2021-23597 | 1 Fastify | 1 Fastify-multipart | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). | |||||
| CVE-2021-40044 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| There is a permission verification vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may cause unauthorized operations. | |||||
| CVE-2021-39994 | 1 Huawei | 1 Emui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is an arbitrary address access vulnerability with the product line test code. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2021-39991 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39986 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37115 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37109 | 1 Huawei | 1 Emui | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure. | |||||
| CVE-2021-33119 | 1 Intel | 1 Realsense Depth Camera Manager | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-23152 | 1 Intel | 1 Advisor | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0171 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0167 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0164 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0124 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2022-07-12 | 4.6 MEDIUM | 6.6 MEDIUM |
| Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-0103 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0099 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0091 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. | |||||
