Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41393 | 1 Goteleport | 1 Teleport | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. | |||||
| CVE-2021-1824 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information. | |||||
| CVE-2021-21996 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2022-07-12 | 7.1 HIGH | 7.5 HIGH |
| An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. | |||||
| CVE-2021-29214 | 1 Hp | 1 Storeserv Management Console | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | |||||
| CVE-2021-34470 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 5.2 MEDIUM | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523. | |||||
| CVE-2021-1873 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields. | |||||
| CVE-2021-30657 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-38951 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | |||||
| CVE-2020-4848 | 1 Ibm | 1 Urbancode Deploy | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. | |||||
| CVE-2021-30688 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.6 MEDIUM | 8.8 HIGH |
| A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. | |||||
| CVE-2021-38926 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | |||||
| CVE-2021-41795 | 1 1password | 1 1password | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) | |||||
| CVE-2021-43183 | 1 Jetbrains | 1 Hub | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | |||||
| CVE-2021-34824 | 1 Istio | 1 Istio | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | |||||
| CVE-2021-22314 | 1 Huawei | 1 Manageone | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
| CVE-2021-0462 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168799695 | |||||
| CVE-2021-30713 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2020-13665 | 1 Drupal | 1 Drupal | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1. | |||||
| CVE-2020-1350 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2022-07-12 | 10.0 HIGH | 10.0 CRITICAL |
| A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | |||||
| CVE-2021-39781 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502 | |||||