Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30751 1 Apple 1 Macos 2022-07-12 4.3 MEDIUM 5.5 MEDIUM
This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences.
CVE-2021-30721 1 Apple 2 Mac Os X, Macos 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.
CVE-2021-1929 1 Qualcomm 186 Apq8096au, Apq8096au Firmware, Aqt1000 and 183 more 2022-07-12 2.1 LOW 5.5 MEDIUM
Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2021-1904 1 Qualcomm 350 Apq8009, Apq8009 Firmware, Apq8009w and 347 more 2022-07-12 2.1 LOW 5.5 MEDIUM
Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-38142 1 Barco 1 Mirrorop Windows Sender 2022-07-12 7.2 HIGH 8.8 HIGH
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
CVE-2021-38617 1 Eigentech 1 Natural Language Processing 2022-07-12 6.5 MEDIUM 8.8 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.
CVE-2021-38616 1 Eigentech 1 Natural Language Processing 2022-07-12 6.5 MEDIUM 8.8 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
CVE-2021-38615 1 Eigentech 1 Natural Language Processing 2022-07-12 5.5 MEDIUM 8.1 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.
CVE-2021-31786 1 Actions-semi 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more 2022-07-12 6.1 MEDIUM 6.5 MEDIUM
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.
CVE-2021-33831 1 Th-wildau 1 Covid-19 Contact Tracing 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.
CVE-2021-28135 1 Espressif 1 Esp-idf 2022-07-12 3.3 LOW 6.5 MEDIUM
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.
CVE-2020-15939 1 Fortinet 1 Fortisandbox 2022-07-12 4.0 MEDIUM 4.3 MEDIUM
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
CVE-2021-36744 2 Microsoft, Trendmicro 5 Windows, Maximum Security 2019, Maximum Security 2020 and 2 more 2022-07-12 4.6 MEDIUM 7.8 HIGH
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.
CVE-2021-30615 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2022-07-12 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-22525 1 Microfocus 1 Access Manager 2022-07-12 2.1 LOW 5.5 MEDIUM
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
CVE-2021-31798 1 Cyberark 1 Credential Provider 2022-07-12 1.9 LOW 4.4 MEDIUM
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
CVE-2021-31796 1 Cyberark 1 Credential Provider 2022-07-12 5.0 MEDIUM 7.5 HIGH
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
CVE-2021-39119 1 Atlassian 2 Data Center, Jira 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.
CVE-2021-40385 1 Kaseya 1 Unitrends Backup Software 2022-07-12 9.0 HIGH 8.8 HIGH
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
CVE-2021-40382 1 Comprotech 8 Ip570, Ip570 Firmware, Ip60 and 5 more 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.