Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30948 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. | |||||
| CVE-2021-30945 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-30932 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen. | |||||
| CVE-2021-22449 | 1 Huawei | 1 Elf-g10hn | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device. | |||||
| CVE-2021-22328 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. | |||||
| CVE-2021-22252 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers | |||||
| CVE-2021-35465 | 1 Arm | 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more | 2022-07-12 | 3.6 LOW | 3.4 LOW |
| Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration). | |||||
| CVE-2021-39291 | 1 Netmodule | 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||
| CVE-2021-39289 | 1 Netmodule | 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||
| CVE-2020-35683 | 2 Hcc-embedded, Siemens | 3 Nichestack, 7km9300-0ae02-0aa0, 7km9300-0ae02-0aa0 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. | |||||
| CVE-2021-31228 | 1 Hcc-embedded | 1 Nichestack | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits. | |||||
| CVE-2021-0415 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692. | |||||
| CVE-2021-20773 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege. | |||||
| CVE-2021-20768 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege. | |||||
| CVE-2021-20763 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege. | |||||
| CVE-2021-20756 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege. | |||||
| CVE-2021-20755 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege. | |||||
| CVE-2021-39249 | 1 Invisioncommunity | 1 Invision Power Board | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | |||||
| CVE-2021-0645 | 1 Google | 1 Android | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644 | |||||
| CVE-2020-4706 | 1 Ibm | 1 Api Connect | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | |||||