Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0542 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890 | |||||
| CVE-2021-0539 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673 | |||||
| CVE-2021-0513 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809 | |||||
| CVE-2021-0505 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048 | |||||
| CVE-2021-29337 | 1 Msi | 1 Dragon Center | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. | |||||
| CVE-2021-33823 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | |||||
| CVE-2021-33820 | 1 Ui | 2 Camera G3 Flex, Camera G3 Flex Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | |||||
| CVE-2021-33577 | 1 Cleo | 1 Lexicom | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. | |||||
| CVE-2020-25414 | 1 Monstra | 1 Monstra | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2021-34825 | 2 Fedoraproject, Quassel-irc | 2 Fedora, Quassel | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
| Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. | |||||
| CVE-2021-34203 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2022-07-12 | 4.8 MEDIUM | 8.1 HIGH |
| D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. | |||||
| CVE-2021-20488 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2022-07-12 | 3.5 LOW | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. | |||||
| CVE-2020-27339 | 2 Insyde, Siemens | 33 Insydeh2o, Ruggedcom Apr1808, Ruggedcom Apr1808 Firmware and 30 more | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). | |||||
| CVE-2021-31857 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | |||||
| CVE-2021-32033 | 1 Protectimus | 2 Slim Nfc 70, Slim Nfc 70 Firmware | 2022-07-12 | 1.9 LOW | 4.6 MEDIUM |
| Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token. | |||||
| CVE-2020-12985 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | |||||
| CVE-2020-12981 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. | |||||
| CVE-2020-12980 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | |||||
| CVE-2021-27200 | 1 Wowonder | 1 Wowonder | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. | |||||
| CVE-2021-0491 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461315 | |||||