Total: 1368 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38164 | 1 Sap | 1 Erp Financial Accounting | 2021-09-24 | 5.5 MEDIUM | 5.4 MEDIUM |
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616; SAP_FIN - 617, 618, 700, 720, 730; SAPSCORE - 125; S4CORE - 100, 101, 102, 103, 104, 105 - allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network, and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
CVE-2021-37535 | 1 Sap | 1 Netweaver Application Server Java | 2021-09-23 | 7.5 HIGH | 9.8 CRITICAL |
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 - does not perform necessary authorization checks for user privileges.
CVE-2021-21307 | 1 Lucee | 1 Lucee Server | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
Lucee Server is a dynamic, Java-based (JSR-223) tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 and 5.3.5.96 there is an unauthenticated remote code execution vulnerability. This is fixed in versions 5.3.7.47, 5.3.6.68 and 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
CVE-2021-1835 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 2.1 LOW | 4.6 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen.
CVE-2018-8012 | 3 Apache, Debian, Oracle | 3 Zookeeper, Debian Linux, Goldengate Stream Analytics | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader.
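The fix for this class of issue is the quorum peer authentication introduced in 3.4.10. As an added illustration (not text from the Apache ZooKeeper project or this listing), the zoo.cfg excerpt below shows the permissive default beside the hardened setting. The property names follow the quorum SASL section of the ZooKeeper admin guide; confirm them against the guide for the release you run, since the JAAS login contexts they reference must also be supplied.

```properties
# zoo.cfg excerpt: server-to-server (quorum) authentication, ZooKeeper >= 3.4.10.
# Added example; property names per the ZooKeeper admin guide, to be verified
# against your release.

# Weak (the default): any host that can reach the quorum port may join and
# propose state to the leader.
# quorum.auth.enableSasl=false

# Hardened: every peer must authenticate with SASL before joining.
quorum.auth.enableSasl=true
# A learner (follower/observer) must authenticate itself to the leader.
quorum.auth.learnerRequireSasl=true
# The leader must authenticate itself to learners (mutual authentication).
quorum.auth.serverRequireSasl=true
# JAAS login-context names; both sections must exist in the JAAS file passed
# via -Djava.security.auth.login.config on every server.
quorum.auth.learner.saslLoginContext=QuorumLearner
quorum.auth.server.saslLoginContext=QuorumServer
```

Roll the change out in two steps: enable `quorum.auth.enableSasl` on all peers first, then flip the two `*RequireSasl` flags, otherwise peers that have not yet been restarted are rejected and the ensemble can lose quorum mid-upgrade.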
CVE-2021-40378 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2021-09-10 | 8.5 HIGH | 8.1 HIGH |
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
CVE-2017-9036 | 1 Trendmicro | 1 Serverprotect | 2021-09-09 | 7.2 HIGH | 7.8 HIGH |
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.
CVE-2018-2484 | 1 Sap | 4 Bank\/cfm, Ea-finserv, S4core and 1 more | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2503 | 1 Sap | 1 Netweaver Application Server Java | 2021-09-09 | 3.3 LOW | 7.4 HIGH |
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
CVE-2019-13013 | 2 Apple, Obdev | 2 Macos, Little Snitch | 2021-09-08 | 4.9 MEDIUM | 5.5 MEDIUM |
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
CVE-2021-40088 | 1 Primekey | 1 Ejbca | 2021-09-07 | 4.9 MEDIUM | 5.4 MEDIUM |
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi-tenancy constraints (by verifying that the client certificate has access to the CA and Profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant.
CVE-2020-18757 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet.
CVE-2020-18753 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2021-08-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
CVE-2021-0642 | 1 Google | 1 Android | 2021-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-185126149.
CVE-2021-0641 | 1 Google | 1 Android | 2021-08-24 | 2.1 LOW | 5.5 MEDIUM |
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-185235454.
CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
CVE-2020-27464 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2021-38755 | 1 Hospital Management System Project | 1 Hospital Management System | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
Hospital Management System allows unauthenticated deletion of doctor entries via admin-panel1.php.
CVE-2021-24501 | 1 Amentotech | 1 Workreap | 2021-08-17 | 5.5 MEDIUM | 8.1 HIGH |
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged-in user to modify or delete objects belonging to other users on the site.
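CVE-2021-40088 (EJBCA) and CVE-2021-24501 (Workreap) share one shape: the caller is authenticated, but a particular operation never checks that the object acted on belongs to the caller's tenant or account. The Python below is an added example written for this listing, not code from EJBCA, Workreap or any vendor above. It models a registry in which one shared credential (an RA client certificate, or a logged-in site user) enrolls and revokes records; the tenant model, the class names, and the in-memory store are assumptions for the demonstration. The vulnerable class checks tenancy only on enroll, the hardened class routes every operation through one ownership check.

```python
"""Object-level authorization applied to every operation on a shared credential.

Added example for this CVE listing; not code from EJBCA, Workreap or any
vendor listed above. Principal, Record, the tenant model and the in-memory
registry are assumptions made for the demonstration.
"""
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a principal acts on an object outside its tenant."""


@dataclass(frozen=True)
class Principal:
    """An authenticated caller; tenant is derived from its credential (assumed)."""
    name: str
    tenant: str


@dataclass
class Record:
    """A certificate or site object; tenant is its owner, fixed at creation."""
    record_id: str
    tenant: str
    status: str = "valid"


class VulnerableRegistry:
    """Checks tenancy on enroll but not on revoke: the flawed shape."""

    def __init__(self) -> None:
        self._records: dict[str, Record] = {}

    def enroll(self, who: Principal, record_id: str, tenant: str) -> Record:
        # Enrollment is scoped: a caller may only create records in its tenant.
        if who.tenant != tenant:
            raise AuthorizationError(f"{who.name} may not enroll for {tenant}")
        rec = Record(record_id, tenant)
        self._records[record_id] = rec
        return rec

    def revoke(self, who: Principal, record_id: str) -> Record:
        # Bug: the caller was authenticated upstream, but nothing here checks
        # that the record belongs to the caller's tenant.
        rec = self._records[record_id]
        rec.status = "revoked"
        return rec


class HardenedRegistry(VulnerableRegistry):
    """Every mutating operation goes through one ownership check."""

    def _authorize(self, who: Principal, rec: Record) -> Record:
        if who.tenant != rec.tenant:
            raise AuthorizationError(
                f"{who.name} (tenant {who.tenant}) may not act on "
                f"{rec.record_id} owned by {rec.tenant}")
        return rec

    def revoke(self, who: Principal, record_id: str) -> Record:
        rec = self._authorize(who, self._records[record_id])
        rec.status = "revoked"
        return rec

    def update(self, who: Principal, record_id: str, status: str) -> Record:
        rec = self._authorize(who, self._records[record_id])
        rec.status = status
        return rec


def cross_tenant_revoke(registry: VulnerableRegistry) -> str:
    """Enroll as tenant A, then let a tenant B principal try to revoke it.

    Returns the record's final status, or "denied" if the registry refused.
    """
    alice = Principal("ra-alice", "tenant-a")
    bob = Principal("ra-bob", "tenant-b")
    registry.enroll(alice, "cert-0001", "tenant-a")
    try:
        return registry.revoke(bob, "cert-0001").status
    except AuthorizationError:
        return "denied"


def own_tenant_revoke(registry: VulnerableRegistry) -> str:
    """Control case: the owning tenant revokes its own record."""
    alice = Principal("ra-alice", "tenant-a")
    registry.enroll(alice, "cert-0002", "tenant-a")
    return registry.revoke(alice, "cert-0002").status


if __name__ == "__main__":
    print("vulnerable:", cross_tenant_revoke(VulnerableRegistry()))  # revoked
    print("hardened:  ", cross_tenant_revoke(HardenedRegistry()))    # denied
```

The point of `_authorize` is that the ownership rule lives in one place and every handler, including ones added later, has to call it; an audit then reduces to listing the mutating entry points and confirming each one calls the helper, which is exactly the check both advisories above say was skipped for one operation.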
CVE-2021-22891 | 1 Citrix | 1 Sharefile Storagezones Controller | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
A missing authorization vulnerability in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.