Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41020 | 1 Fortinet | 1 Fortiisolator | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL. | |||||
| CVE-2021-43164 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | |||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | |||||
| CVE-2021-38919 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 | |||||
| CVE-2021-38874 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. | |||||
| CVE-2021-29776 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. | |||||
| CVE-2021-29824 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | |||||
| CVE-2020-14121 | 1 Mi | 1 Mi App Store | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation. | |||||
| CVE-2020-14117 | 1 Mi | 1 Content Center | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP. | |||||
| CVE-2021-44520 | 1 Citrix | 1 Xenmobile Server | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | |||||
| CVE-2021-39808 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android ID: A-209966086 | |||||
| CVE-2021-39803 | 1 Google | 1 Android | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android-12L Android ID: A-193790350 | |||||
| CVE-2021-39802 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-213339151 References: Upstream kernel | |||||
| CVE-2021-39799 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android-12L Android ID: A-200288596 | |||||
| CVE-2021-46742 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. | |||||
| CVE-2021-37292 | 1 Kevinlab | 1 4st L-bems | 2022-07-12 | 9.0 HIGH | 7.2 HIGH |
| An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control. | |||||
| CVE-2021-43483 | 1 Claro | 2 Kaon Cg3000, Kaon Cg3000 Firmware | 2022-07-12 | 5.2 MEDIUM | 8.0 HIGH |
| An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | |||||
| CVE-2021-46419 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. | |||||
| CVE-2021-46418 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | |||||
| CVE-2021-45104 | 1 Wisc | 1 Htcondor | 2022-07-12 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. | |||||
