Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44032 | 1 Tp-link | 1 Omada Software Controller | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. | |||||
| CVE-2021-32025 | 1 Blackberry | 4 Qnx Momentics, Qnx Os For Medical, Qnx Os For Safety and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2022-07-12 | 3.6 LOW | 6.0 MEDIUM |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | |||||
| CVE-2021-38989 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | |||||
| CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | |||||
| CVE-2021-46384 | 1 Mingsoft | 1 Mcms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. | |||||
| CVE-2021-45864 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. | |||||
| CVE-2021-41282 | 1 Pfsense | 1 Pfsense | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | |||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2022-07-12 | 4.0 MEDIUM | 4.5 MEDIUM |
| A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | |||||
| CVE-2021-36166 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | |||||
| CVE-2021-38955 | 1 Ibm | 2 Aix, Vios | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | |||||
| CVE-2020-4925 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. | |||||
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2020-22844 | 1 Mikrotik | 1 Routeros | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | |||||
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | |||||
| CVE-2021-40046 | 1 Huawei | 1 Pcmanager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. | |||||
| CVE-2021-22448 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. | |||||
| CVE-2021-22430 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. | |||||
| CVE-2021-44664 | 1 Xerte | 1 Xerte | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable. | |||||