Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23566 1 Nanoid Project 1 Nanoid 2022-07-12 2.1 LOW 5.5 MEDIUM
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CVE-2021-0959 1 Google 1 Android 2022-07-12 7.2 HIGH 7.8 HIGH
In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-200284993
CVE-2021-45806 1 Jpress 1 Jpress 2022-07-12 6.5 MEDIUM 8.8 HIGH
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
CVE-2021-42562 1 Mitre 1 Caldera 2022-07-12 5.5 MEDIUM 8.1 HIGH
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.
CVE-2021-42561 1 Mitre 1 Caldera 2022-07-12 9.0 HIGH 8.8 HIGH
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
CVE-2021-43974 1 Sysaid 1 Itil 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.
CVE-2021-43055 1 Tibco 1 Eftl 2022-07-12 6.5 MEDIUM 8.8 HIGH
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
CVE-2021-38991 1 Ibm 2 Aix, Vios 2022-07-12 4.6 MEDIUM 7.8 HIGH
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
CVE-2021-44586 1 Dst-admin Project 1 Dst-admin 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.
CVE-2021-45441 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2022-07-12 7.2 HIGH 7.8 HIGH
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45231 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2022-07-12 7.2 HIGH 7.8 HIGH
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-40006 1 Huawei 1 Harmonyos 2022-07-12 2.1 LOW 4.6 MEDIUM
The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46075 1 Vehicle Service Management System Project 1 Vehicle Service Management System 2022-07-12 6.5 MEDIUM 7.2 HIGH
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
CVE-2021-44590 1 Libming 1 Libming 2022-07-12 4.3 MEDIUM 6.5 MEDIUM
In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.
CVE-2021-45457 1 Apache 1 Kylin 2022-07-12 5.0 MEDIUM 7.5 HIGH
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2020-5956 1 Insyde 1 Insydeh2o 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
CVE-2021-45115 2 Djangoproject, Fedoraproject 2 Django, Fedora 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
CVE-2021-45979 2 Apple, Foxit 3 Macos, Pdf Editor, Pdf Reader 2022-07-12 6.8 MEDIUM 7.8 HIGH
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.
CVE-2021-45978 2 Apple, Foxit 3 Macos, Pdf Editor, Pdf Reader 2022-07-12 6.8 MEDIUM 7.8 HIGH
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.
CVE-2021-39980 1 Huawei 1 Harmonyos 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.