Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0480 | 1 Google | 1 Android | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-174493336 | |||||
CVE-2021-0590 | 1 Google | 1 Android | 2022-07-12 | 4.9 MEDIUM | 4.4 MEDIUM |
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-175213041 | |||||
CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2022-07-12 | 9.0 HIGH | 7.2 HIGH |
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | |||||
CVE-2021-20617 | 1 Acmailer | 2 Acmailer, Acmailer Db | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors. | |||||
CVE-2021-20624 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | |||||
CVE-2021-20643 | 1 Elecom | 2 Ld-ps/u1, Ld-ps/u1 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. | |||||
CVE-2021-20694 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | |||||
CVE-2021-20712 | 1 Nec | 4 Aterm Wg2600hs, Aterm Wg2600hs Firmware, Aterm Wx3000hp and 1 more | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to a defect in the IPv6 firewall function. | |||||
CVE-2021-21133 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2021-21129 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |||||
CVE-2021-21127 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. | |||||
CVE-2021-21189 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2021-22128 | 1 Fortinet | 1 Fortiproxy | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
An improper access control vulnerability in FortiProxy SSL VPN portal versions 2.0.0, 1.2.9 and below may allow an authenticated, remote attacker to access internal services such as the ZebOS shell on the FortiProxy appliance through the Quick Connection functionality. | |||||
CVE-2021-22213 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | |||||
CVE-2021-22928 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. | |||||
CVE-2021-22976 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
CVE-2021-23985 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
If an attacker is able to alter specific about:config values (for example, malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. | |||||
CVE-2021-27619 | 1 Sap | 1 Commerce | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure. | |||||
CVE-2021-27173 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI). | |||||
CVE-2021-28817 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. |
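The CVE-2021-20081 entry names its weakness class, an incomplete list of disallowed inputs (CWE-184), without saying which inputs ServiceDesk Plus missed. The following is an added illustration of that class and is not ManageEngine code: a constructed validator for a parameter that ends up in a shell command, written first as a denylist and then as an allowlist, with constructed inputs that the denylist lets through. The `ping` argv builder is likewise hypothetical.

```python
import re

# Added illustration of CWE-184 (incomplete list of disallowed inputs). This is
# constructed code, not ManageEngine's: a parameter that ends up in a shell
# command is validated first with a denylist, then with an allowlist.

# The denylist catches the obvious separators and misses everything else.
DENYLIST = {";", "|", "&", ">", "<"}

def denylist_ok(value: str) -> bool:
    """Accept unless a listed character is present."""
    return not any(ch in value for ch in DENYLIST)

# The allowlist describes what a hostname-like parameter may contain and
# nothing more, so shell syntax the denylist never heard of cannot slip through.
ALLOWLIST = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,63}")

def allowlist_ok(value: str) -> bool:
    """Accept only values matching the expected shape."""
    return ALLOWLIST.fullmatch(value) is not None

# Constructed inputs that a POSIX shell still interprets although none of the
# denylisted characters appear in them.
BYPASS_SAMPLES = [
    "host$(id)",   # command substitution
    "host`id`",    # backtick substitution
    "host\nid",    # newline ends the command; 'id' runs as the next one
]

def accepted_by(check) -> list:
    """Return the bypass samples that a given validator lets through."""
    return [s for s in BYPASS_SAMPLES if check(s)]

def build_ping_argv(host: str) -> list:
    """Validate with the allowlist and build an argv list, so the value reaches
    the program as a single argument and is never handed to a shell.
    (Hypothetical helper; ping is just a stand-in for any external command.)"""
    if not allowlist_ok(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]

if __name__ == "__main__":
    print("denylist lets through:", accepted_by(denylist_ok))
    print("allowlist lets through:", accepted_by(allowlist_ok))
    print(build_ping_argv("db01.example.net"))
```

The point of the allowlist is not the particular regex but that it is closed: adding a new shell construct to the denylist is always one step behind, whereas a value that matches the expected shape cannot contain a construct at all. Passing the value as an argv element rather than through `shell=True` removes the shell from the path entirely.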
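The CVE-2021-22976 entry describes a resource-exhaustion case: WebSocket messages carrying JSON with an unusually large number of parameters drive up CPU in the ASM inspection process. The following is an added example, not F5 code, of the kind of budget a gateway can enforce before deeper inspection runs: a byte cap, then a cumulative cap on JSON object members that aborts parsing as soon as the budget is exceeded. The limits and the sample messages are constructed.

```python
import json

# Added example, not F5 code: cap the number of JSON object members a
# WebSocket message may carry before the rest of the inspection pipeline
# spends CPU on it. Counting happens inside the parser via object_pairs_hook,
# so an oversized message is rejected as soon as the budget is exhausted.

class TooManyParameters(ValueError):
    """Raised once more than the permitted number of members has been seen."""

def count_json_params(payload: str, limit: int) -> int:
    """Parse payload and return its total member count (summed over all
    nested objects, duplicate keys included); raise TooManyParameters as soon
    as the running total exceeds limit."""
    seen = 0

    def pairs_hook(pairs):
        nonlocal seen
        seen += len(pairs)
        if seen > limit:
            raise TooManyParameters(f"more than {limit} JSON parameters")
        return dict(pairs)

    json.loads(payload, object_pairs_hook=pairs_hook)
    return seen

def screen_payload(payload: str, limit: int = 200, max_bytes: int = 64 * 1024):
    """Return ("accept", count) or ("reject", reason). The byte cap runs first
    because it costs nothing; the parameter cap handles compact floods that
    stay under the byte cap. Limits are constructed values for the example."""
    if len(payload.encode("utf-8")) > max_bytes:
        return ("reject", "payload larger than %d bytes" % max_bytes)
    try:
        return ("accept", count_json_params(payload, limit))
    except TooManyParameters as exc:
        return ("reject", str(exc))
    except ValueError:
        return ("reject", "malformed JSON")

# Constructed sample messages: a normal one and a parameter flood.
NORMAL = '{"user": "alice", "filter": {"status": "open", "tags": [{"k": "p1"}]}}'
FLOOD = json.dumps({"p%d" % i: i for i in range(3000)})

if __name__ == "__main__":
    print(screen_payload(NORMAL))
    print(screen_payload(FLOOD))
```

`object_pairs_hook` is invoked each time the parser completes an object, so for nested documents the running total stops the parse partway through; for one flat object the tokenizer still reads the whole object first, which is why the byte cap sits in front of it. Duplicate keys count twice, which is the conservative choice for a limit meant to bound work rather than to bound distinct fields.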
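The CVE-2021-27619 entry describes a search oracle: the Backoffice search filters on an attribute the user may not see, masks the value in the results, and so lets the user confirm a value one character at a time. The following is an added simulation, not SAP code, with constructed records, roles and permissions. It shows the leak against a vulnerable search function, the prefix-extension loop that exploits it, and the check in the fixed function that stops it (refuse to filter on any attribute the caller cannot read, rather than masking at display time).

```python
# Added simulation, not SAP code, of the search oracle the advisory describes:
# a role-restricted attribute is masked in the results but still used as the
# filter, so "does this record come back for this prefix?" leaks the value one
# character at a time. search_fixed shows the check that closes it.

RECORDS = [  # constructed data
    {"id": 1, "name": "alice", "salary": "7200"},
    {"id": 2, "name": "bob", "salary": "6100"},
]
READABLE = {"name": {"viewer", "admin"}, "salary": {"admin"}}  # constructed ACL

def can_read(role, attr):
    return role in READABLE.get(attr, set())

def mask(value):
    return "*" * len(value)

def search_vulnerable(role, attr, prefix):
    """Filter on attr for everyone; mask it only at display time."""
    hits = [r for r in RECORDS if r[attr].startswith(prefix)]
    return [dict(r, **{attr: r[attr] if can_read(role, attr) else mask(r[attr])})
            for r in hits]

def search_fixed(role, attr, prefix):
    """Refuse to filter on an attribute the role may not read."""
    if not can_read(role, attr):
        raise PermissionError(f"{attr} is not searchable for role {role!r}")
    return [dict(r) for r in RECORDS if r[attr].startswith(prefix)]

def recover(search, role, attr, record_id, alphabet="0123456789", max_len=32):
    """Recover one record's masked attribute using only whether that record
    appears in the result set. Returns (value, number_of_queries)."""
    known, queries = "", 0
    for _ in range(max_len):
        for ch in alphabet:
            queries += 1
            if any(r["id"] == record_id for r in search(role, attr, known + ch)):
                known += ch
                break
        else:
            return known, queries   # no character extends the prefix: done
    return known, queries

if __name__ == "__main__":
    print(recover(search_vulnerable, "viewer", "salary", 1))
    try:
        recover(search_fixed, "viewer", "salary", 1)
    except PermissionError as exc:
        print("fixed:", exc)
```

The cost to the attacker is linear in the alphabet times the value length (23 queries for a four-digit value over ten digits here), which is why masking the displayed value is not a control: the filter itself is the disclosure channel. The fix has to be applied to the set of searchable attributes, the same way it is applied to the set of displayable ones.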
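The CVE-2021-27173 entry gives the shape of an unauthenticated backdoor request, telnet?enable=...&key=..., that removes firewall rules so the device's telnet CLI becomes reachable; the CVE-2021-20694 entry describes the same outcome (a telnet service started through the management interface) without giving the request. The following is an added detection example, not vendor code, that scans HTTP access-log lines for requests whose last path component is `telnet` and that carry an `enable` parameter. The log lines are constructed in combined log format and the key value is a placeholder; the code does not compute or validate any device key.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Added detection example, not vendor code: flag HTTP requests to an endpoint
# whose last path component is "telnet" and that carry an enable= parameter,
# as in the telnet?enable=...&key=... request in the advisory. A request must
# not be assumed harmless when enable=0: the advisory says that value removes
# firewall rules, so every value is reported.

# Constructed combined-log lines; the key value is a placeholder, not a
# real device key.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2022:10:01:05 +0000] "GET /telnet?enable=0&key=PLACEHOLDER HTTP/1.1" 200 12 "-" "curl/7.79.1"
198.51.100.4 - - [12/Jul/2022:10:02:00 +0000] "GET /cgi-bin/status.cgi?telnet=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jul/2022:10:02:09 +0000] "POST /cgi/TELNET?Enable=1 HTTP/1.1" 403 0 "-" "python-requests/2.28.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def telnet_toggle(target):
    """Return the enable/key parameters if target is a telnet-toggle request,
    else None. Path and parameter names are compared case-insensitively so a
    differently cased variant is not missed."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").rsplit("/", 1)[-1].lower() != "telnet":
        return None
    params = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    if "enable" not in params:
        return None
    return {"enable": params["enable"], "has_key": "key" in params}

def find_telnet_toggles(log_text):
    """Parse combined-log lines and return one record per matching request,
    including denied attempts (status 4xx), which still indicate probing."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        toggle = telnet_toggle(m.group("target"))
        if toggle:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "method": m.group("method"),
                         "status": int(m.group("status")), **toggle})
    return hits

if __name__ == "__main__":
    for hit in find_telnet_toggles(SAMPLE_LOG):
        print(hit)
```

A match with status 200 from an unexpected source address is the actionable case; a 403 still records that someone knew to try the endpoint. Pair the alert with a check that the device's telnet port is not reachable from the WAN, since the request's whole purpose is to change that.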