Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28094 | 1 Open-xchange | 1 Open-xchange Documents | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. | |||||
| CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. | |||||
| CVE-2021-20114 | 1 Tecnick | 1 Tcexam | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. | |||||
| CVE-2020-16839 | 1 Crestron | 6 Dm-nvx-dir-160, Dm-nvx-dir-160 Firmware, Dm-nvx-dir-80 and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. | |||||
| CVE-2021-29736 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. | |||||
| CVE-2020-18174 | 1 Autohotkey | 1 Autohotkey | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. | |||||
| CVE-2020-18170 | 1 Abloy | 1 Key Manager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. | |||||
| CVE-2021-37394 | 1 Rpcms | 1 Rpcms | 2022-07-12 | 6.0 MEDIUM | 8.8 HIGH |
| In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. | |||||
| CVE-2021-20337 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448. | |||||
| CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | |||||
| CVE-2021-37452 | 1 Nch | 1 Quorum | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | |||||
| CVE-2021-29149 | 1 Arubanetworks | 8 Aos-cx Firmware, Cx 6200f, Cx 6300 and 5 more | 2022-07-12 | 4.6 MEDIUM | 6.2 MEDIUM |
| A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. | |||||
| CVE-2021-36934 | 1 Microsoft | 1 Windows 10 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Elevation of Privilege Vulnerability | |||||
| CVE-2021-22146 | 1 Elastic | 1 Elasticsearch | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster. | |||||
| CVE-2021-20106 | 1 Tenable | 1 Nessus | 2022-07-12 | 8.5 HIGH | 6.5 MEDIUM |
| Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | |||||
| CVE-2021-31590 | 1 Pwndoc Project | 1 Pwndoc | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system. | |||||
| CVE-2021-29707 | 1 Ibm | 1 Hardware Management Console | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. | |||||
| CVE-2021-34466 | 1 Microsoft | 1 Windows 10 | 2022-07-12 | 3.6 LOW | 6.1 MEDIUM |
| Windows Hello Security Feature Bypass Vulnerability | |||||
| CVE-2021-34462 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||
| CVE-2020-4980 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | |||||
