Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3440 | 1 Hp | 1 Hp Smart | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. | |||||
| CVE-2021-27004 | 1 Netapp | 1 Ontap System Manager | 2022-07-12 | 1.7 LOW | 5.5 MEDIUM |
| System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | |||||
| CVE-2021-37254 | 1 M-files | 1 M-files Web | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In the M-Files Web product, versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on the server. | |||||
| CVE-2021-36991 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is an unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input. Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. | |||||
| CVE-2021-22470 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. | |||||
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | |||||
| CVE-2021-29873 | 1 Ibm | 12 Flashsystem 9000, Flashsystem 9000 Firmware, Flashsystem 9100 and 9 more | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. | |||||
| CVE-2021-36315 | 1 Dell | 38 Emc Powerscale Nodes A100, Emc Powerscale Nodes A100 Firmware, Emc Powerscale Nodes A200 and 35 more | 2022-07-12 | 7.2 HIGH | 6.8 MEDIUM |
| Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. | |||||
| CVE-2021-30828 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. | |||||
| CVE-2021-40996 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29645 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1/it Desktop Management-manager, Job Management Partner 1/it Desktop Management 2-manager and 12 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | |||||
| CVE-2021-42087 | 1 Zammad | 1 Zammad | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | |||||
| CVE-2021-42086 | 1 Zammad | 1 Zammad | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | |||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-39866 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. | |||||
| CVE-2021-38618 | 1 Gfos | 1 Workforce Management | 2022-07-12 | 6.8 MEDIUM | 8.1 HIGH |
| In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. | |||||
| CVE-2020-21014 | 1 Emlog | 1 Emlog | 2022-07-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | |||||
| CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2022-07-12 | 8.5 HIGH | 8.8 HIGH |
| Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | |||||
| CVE-2021-42773 | 1 Broadcom | 1 Emulex Hba Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | |||||
