Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39618 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999 | |||||
| CVE-2021-43055 | 1 Tibco | 1 Eftl | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | |||||
| CVE-2021-39684 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A | |||||
| CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | |||||
| CVE-2021-45230 | 1 Apache | 1 Airflow | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. | |||||
| CVE-2021-46657 | 1 Mariadb | 1 Mariadb | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | |||||
| CVE-2021-38874 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. | |||||
| CVE-2021-28962 | 1 Stormshield | 1 Network Security | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | |||||
| CVE-2021-39070 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. | |||||
| CVE-2021-30116 | 1 Kaseya | 2 Vsa Agent, Vsa Server | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system. | |||||
| CVE-2021-43232 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability | |||||
| CVE-2021-37115 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-43242 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-07-12 | 3.5 LOW | 5.7 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. | |||||
| CVE-2021-43223 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-43214 | 1 Microsoft | 1 Raw Image Extension | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Web Media Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-40441 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Media Center Elevation of Privilege Vulnerability | |||||
| CVE-2021-42294 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. | |||||
| CVE-2021-39991 | 1 Huawei | 1 Emui | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-30994 | 1 Apple | 1 Macos | 2022-07-12 | 4.3 MEDIUM | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | |||||
| CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | |||||