Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9158 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. | |||||
CVE-2021-22367 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
CVE-2021-22375 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. | |||||
CVE-2020-7868 | 2 Helpu, Microsoft | 2 Helpu, Windows | 2021-07-02 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists in helpUS (remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | |||||
CVE-2021-23996 | 1 Mozilla | 1 Firefox | 2021-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. | |||||
CVE-2020-24516 | 1 Intel | 179 B460, Celeron 6305, Celeron 6305e and 176 more | 2021-07-01 | 4.6 MEDIUM | 6.8 MEDIUM |
Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2021-24000 | 1 Mozilla | 1 Firefox | 2021-07-01 | 2.6 LOW | 3.1 LOW |
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. | |||||
CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2021-07-01 | 1.2 LOW | 2.5 LOW |
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
CVE-2013-4949 | 1 Machform | 1 Machform | 2021-07-01 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. | |||||
CVE-2021-29957 | 1 Mozilla | 1 Thunderbird | 2021-06-30 | 4.3 MEDIUM | 4.3 MEDIUM |
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. | |||||
CVE-2007-2932 | 1 Boastmachine | 1 Boastmachine | 2021-06-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | |||||
CVE-2021-25649 | 1 Avaya | 1 Aura Utility Services | 2021-06-29 | 2.1 LOW | 5.5 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | |||||
CVE-2019-8275 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine/p2p, Sinumerik Pcu Base Win10 Software/ipc, Sinumerik Pcu Base Win7 Software/ipc and 1 more | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | |||||
CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2021-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | |||||
CVE-2021-23396 | 1 Lutils Project | 1 Lutils | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. | |||||
CVE-2021-34170 | 1 Fromsoftware | 1 Dark Souls Iii | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | |||||
CVE-2021-0073 | 1 Intel | 1 Driver & Support Assistant | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24509 | 1 Intel | 1 Server Platform Services | 2021-06-22 | 4.6 MEDIUM | 6.7 MEDIUM |
Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2021-06-22 | 5.0 MEDIUM | N/A |
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | |||||
CVE-2019-6531 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2021-06-22 | 4.3 MEDIUM | 8.1 HIGH |
An attacker could retrieve passwords from an HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. |