Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44981 1 Quickbox 1 Quickbox 2022-07-12 9.0 HIGH 8.8 HIGH
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE.
CVE-2021-45230 1 Apache 1 Airflow 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
CVE-2021-43269 1 Code42 1 Code42 2022-07-12 6.5 MEDIUM 8.8 HIGH
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.)
CVE-2021-38789 1 Allwinnertech 2 Android Q Sdk, R818 2022-07-12 5.0 MEDIUM 7.5 HIGH
Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings.
CVE-2021-38788 1 Allwinnertech 2 Android Q Sdk, R818 2022-07-12 5.0 MEDIUM 7.5 HIGH
The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of applications allowed to run in the background to 0 and add themselves to the whitelist, so that once other applications enter the background, they will be forcibly stopped by the system, causing a denial of service.
CVE-2021-44836 1 Deltarm 1 Delta Rm 2022-07-12 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.
CVE-2021-44840 1 Deltarm 1 Delta Rm 2022-07-12 4.0 MEDIUM 2.7 LOW
An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user.
CVE-2021-41551 1 Leostream 1 Connection Broker 2022-07-12 4.0 MEDIUM 4.9 MEDIUM
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.
CVE-2021-38696 1 Softvibe 1 Saraban 2022-07-12 5.0 MEDIUM 7.5 HIGH
SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.
CVE-2021-45394 1 Html2pdf Project 1 Html2pdf 2022-07-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
CVE-2021-44757 1 Zohocorp 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers 2022-07-12 6.4 MEDIUM 9.1 CRITICAL
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
CVE-2021-44049 1 Cyberark 1 Endpoint Privilege Manager 2022-07-12 6.9 MEDIUM 7.8 HIGH
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
CVE-2021-39684 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A
CVE-2021-39678 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A
CVE-2021-39630 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292
CVE-2021-39627 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549
CVE-2021-39625 1 Google 1 Android 2022-07-12 6.9 MEDIUM 7.3 HIGH
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347
CVE-2021-39622 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648
CVE-2021-39621 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319
CVE-2021-39618 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999