Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45503 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
CVE-2021-45502 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
CVE-2021-45501 | 1 Netgear | 38 Ac2400, Ac2400 Firmware, Ac2600 and 35 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84. | |||||
CVE-2021-45500 | 1 Netgear | 4 R7000p, R7000p Firmware, R8000 and 1 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. | |||||
CVE-2021-45499 | 1 Netgear | 14 R6900p, R6900p Firmware, R7000p and 11 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. | |||||
CVE-2021-45498 | 1 Netgear | 2 R6700v2, R6700v2 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. | |||||
CVE-2021-45497 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
CVE-2021-45496 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||||
CVE-2021-45495 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. | |||||
CVE-2021-27006 | 1 Netapp | 1 Storagegrid | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | |||||
CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | |||||
CVE-2021-38020 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-38019 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | |||||
CVE-2021-38900 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. | |||||
CVE-2021-44877 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume API resources. The vulnerability allows an unauthenticated attacker to use an API endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct API requests. Successful exploitation of this vulnerability causes sensitive information exposure. If the tenant has an SMTP credential set, the full credential information is disclosed. | |||||
CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | |||||
CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 2.3 LOW | 5.2 MEDIUM |
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | |||||
CVE-2021-43441 | 1 Iorder Project | 1 Iorder | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
An HTML injection vulnerability in iOrder 1.0 allows a remote attacker to execute malicious HTML code via the signup form. | |||||
CVE-2021-43439 | 1 Iresturant Project | 1 Iresturant | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
RCE in the Add Review function in iResturant 1.0 allows a remote attacker to execute commands remotely. |