Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43880 | 1 Microsoft | 1 Windows 11 | 2022-07-12 | 3.6 LOW | 5.5 MEDIUM |
| Windows Mobile Device Management Elevation of Privilege Vulnerability | |||||
| CVE-2021-43875 | 1 Microsoft | 2 365 Apps, Office | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-43248 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||
| CVE-2021-43247 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-43246 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2022-07-12 | 4.9 MEDIUM | 5.6 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-43245 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital TV Tuner Elevation of Privilege Vulnerability | |||||
| CVE-2021-43240 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Set Short Name Elevation of Privilege Vulnerability | |||||
| CVE-2021-43239 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-43238 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Elevation of Privilege Vulnerability | |||||
| CVE-2021-43237 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Windows Setup Elevation of Privilege Vulnerability | |||||
| CVE-2021-43233 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 5.1 MEDIUM | 7.5 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-43232 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability | |||||
| CVE-2021-43228 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| SymCrypt Denial of Service Vulnerability | |||||
| CVE-2021-43225 | 1 Microsoft | 1 Bot Framework Software Development Kit | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Bot Framework SDK Remote Code Execution Vulnerability | |||||
| CVE-2021-43223 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-43219 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| DirectX Graphics Kernel File Denial of Service Vulnerability | |||||
| CVE-2021-43217 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | |||||
| CVE-2021-43214 | 1 Microsoft | 1 Raw Image Extension | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Web Media Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-42312 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Defender for IOT Elevation of Privilege Vulnerability | |||||
| CVE-2021-42293 | 1 Microsoft | 2 365 Apps, Office | 2022-07-12 | 5.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | |||||
| CVE-2021-40441 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Media Center Elevation of Privilege Vulnerability | |||||
| CVE-2021-40826 | 2 Clementine-player, Microsoft | 2 Clementine, Windows | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | |||||
| CVE-2021-43051 | 1 Tibco | 1 Spotfire Server | 2022-07-12 | 8.5 HIGH | 6.8 MEDIUM |
| The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. | |||||
| CVE-2021-44042 | 1 Uipath | 1 Assistant | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. | |||||
| CVE-2021-38950 | 1 Ibm | 1 Mq For Hpe Nonstop | 2022-07-12 | 4.4 MEDIUM | 7.8 HIGH |
| IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. | |||||
| CVE-2021-44235 | 1 Sap | 1 Netweaver Application Server For Abap | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2021-42069 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-07-12 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | |||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | |||||
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | |||||
| CVE-2021-36721 | 1 Sysaid | 1 Application Programming Interface | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. | |||||
| CVE-2021-44937 | 1 Glfusion | 1 Glfusion | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. | |||||
| CVE-2021-39065 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. | |||||
| CVE-2021-39052 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. | |||||
| CVE-2021-39934 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | |||||
| CVE-2021-39932 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. | |||||
| CVE-2021-39931 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 3.5 LOW | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. | |||||
| CVE-2021-39916 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | |||||
| CVE-2021-39910 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. | |||||
| CVE-2021-36169 | 1 Fortinet | 1 Fortios | 2022-07-12 | 6.6 MEDIUM | 6.0 MEDIUM |
| A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | |||||
| CVE-2021-40856 | 1 Auerswald | 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | |||||
| CVE-2021-44848 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | |||||
| CVE-2021-44515 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. | |||||
| CVE-2021-29214 | 1 Hp | 1 Storeserv Management Console | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | |||||
| CVE-2021-37188 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | |||||
| CVE-2021-43703 | 1 Zzcms | 1 Zzcms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. | |||||
| CVE-2021-38951 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | |||||
| CVE-2021-38926 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | |||||
| CVE-2021-36167 | 1 Fortinet | 1 Forticlient | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | |||||
| CVE-2021-43540 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. | |||||