Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37598 | 1 Wpcerber | 1 Wp Cerber | 2021-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. | |||||
| CVE-2021-27793 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. | |||||
| CVE-2019-11294 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-08-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | |||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | |||||
| CVE-2021-22398 | 1 Huawei | 8 Hulk-al00c, Hulk-al00c Firmware, Jennifer-an00c and 5 more | 2021-08-11 | 2.1 LOW | 4.6 MEDIUM |
| There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1). | |||||
| CVE-2020-12733 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | |||||
| CVE-2021-22521 | 1 Microfocus | 2 Zenworks Configuration Management, Zenworks Endpoint Security Management | 2021-08-10 | 7.2 HIGH | 6.7 MEDIUM |
| A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. | |||||
| CVE-2020-3472 | 1 Cisco | 1 Webex Meetings Online | 2021-08-06 | 4.0 MEDIUM | 5.0 MEDIUM |
| A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. | |||||
| CVE-2020-3477 | 1 Cisco | 9 2610xm, 2611xm, 2612 and 6 more | 2021-08-06 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible. | |||||
| CVE-2020-3360 | 1 Cisco | 74 Unified Ip Phone 6901, Unified Ip Phone 6901 Firmware, Unified Ip Phone 6911 and 71 more | 2021-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. | |||||
| CVE-2020-3335 | 1 Cisco | 2 Application Policy Infrastructure Controller, Application Services Engine | 2021-08-06 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device. | |||||
| CVE-2021-36758 | 1 1password | 1 Connect | 2021-08-05 | 5.5 MEDIUM | 5.4 MEDIUM |
| 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the user is authorized to access, but limited to the existing authorizations of the Secret Automation the token is created in. | |||||
| CVE-2021-36091 | 1 Otrs | 1 Otrs | 2021-08-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. | |||||
| CVE-2021-36230 | 1 Hashicorp | 1 Terraform | 2021-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1. | |||||
| CVE-2021-31926 | 1 Cubecoders | 1 Amp | 2021-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration). | |||||
| CVE-2021-33718 | 1 Siemens | 1 Mendix | 2021-07-27 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object. | |||||
| CVE-2020-10786 | 1 Vestacp | 1 Vesta Control Panel | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. | |||||
| CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | |||||
| CVE-2020-24941 | 1 Laravel | 1 Laravel | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. | |||||
| CVE-2020-25025 | 1 Localization Manager Project | 1 Localization Manager | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | |||||