Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0645 | 1 Google | 1 Android | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644 | |||||
| CVE-2020-4706 | 1 Ibm | 1 Api Connect | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | |||||
| CVE-2021-38608 | 1 Tranquil | 1 Wapt | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. | |||||
| CVE-2021-37326 | 1 Netsarang | 1 Xshell | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | |||||
| CVE-2021-36793 | 1 Routes Project | 1 Routes | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. | |||||
| CVE-2021-36791 | 1 Dated News Project | 1 Dated News | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | |||||
| CVE-2021-29880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. | |||||
| CVE-2021-38621 | 1 Netless | 1 Flat Server | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. | |||||
| CVE-2021-37349 | 1 Nagios | 1 Nagios Xi | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | |||||
| CVE-2021-37347 | 1 Nagios | 1 Nagios Xi | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | |||||
| CVE-2021-38599 | 1 Wal-g Project | 1 Wal-g | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity." | |||||
| CVE-2021-27792 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot. | |||||
| CVE-2021-27791 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process. | |||||
| CVE-2021-38088 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | |||||
| CVE-2021-37841 | 1 Docker | 1 Desktop | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | |||||
| CVE-2021-38587 | 1 Cpanel | 1 Cpanel | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). | |||||
| CVE-2021-38566 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. | |||||
| CVE-2020-25566 | 1 Sapphireims | 1 Sapphireims | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password). | |||||
| CVE-2020-25564 | 1 Sapphireims | 1 Sapphireims | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. | |||||
| CVE-2021-0196 | 1 Intel | 8 Lapqc71a, Lapqc71a Firmware, Lapqc71b and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-38539 | 1 Netgear | 24 D8500, D8500 Firmware, R6400 and 21 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before 1.0.2.130. | |||||
| CVE-2021-38516 | 1 Netgear | 118 Ac2100, Ac2100 Firmware, Ac2400 and 115 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. | |||||
| CVE-2021-38514 | 1 Netgear | 148 D3600, D3600 Firmware, D6000 and 145 more | 2022-07-12 | 4.0 MEDIUM | 2.7 LOW |
| Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22. | |||||
| CVE-2021-38513 | 1 Netgear | 22 Cbr40, Cbr40 Firmware, Eax20 and 19 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10. | |||||
| CVE-2021-38384 | 1 Serverless Offline Project | 1 Serverless Offline | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | |||||
| CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |||||
| CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | |||||
| CVE-2021-38137 | 1 Corero | 1 Securewatch Managed Services | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. | |||||
| CVE-2021-37551 | 1 Jetbrains | 1 Youtrack | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | |||||
| CVE-2021-37546 | 1 Jetbrains | 1 Teamcity | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | |||||
| CVE-2021-35324 | 1 Totolink | 2 A720r, A720r Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. | |||||
| CVE-2021-22928 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. | |||||
| CVE-2021-22517 | 1 Microfocus | 1 Data Protector | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data. | |||||
| CVE-2021-37605 | 1 Microchip | 1 Miwi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. | |||||
| CVE-2021-37604 | 1 Microchip | 1 Miwi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack. | |||||
| CVE-2021-29765 | 1 Ibm | 1 Powervm | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476. | |||||
| CVE-2021-34273 | 1 B2x Project | 1 B2x | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-34272 | 1 Robotbtc Project | 1 Robotbtc | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-33335 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user. | |||||
| CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
| CVE-2021-30583 | 3 Apple, Fedoraproject, Google | 3 Iphone Os, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-30580 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page. | |||||
| CVE-2021-30577 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. | |||||
| CVE-2021-37848 | 1 Pengutronix | 1 Barebox | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | |||||
| CVE-2021-33196 | 2 Debian, Golang | 2 Debian Linux, Go | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | |||||
| CVE-2021-22446 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-22397 | 1 Huawei | 1 Manageone | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service. | |||||
| CVE-2021-20541 | 1 Ibm | 1 Cloud Pak For Security | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927. | |||||
| CVE-2021-20540 | 1 Ibm | 1 Cloud Pak For Security | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. | |||||
| CVE-2021-20539 | 1 Ibm | 1 Cloud Pak For Security | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920. | |||||