Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38502 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. | |||||
| CVE-2020-5955 | 2 Insyde, Intel | 21 Insydeh2o Uefi Bios, Cannon Lake, Coffee Lake and 18 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges. | |||||
| CVE-2021-20135 | 1 Tenable | 1 Nessus | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). | |||||
| CVE-2021-36924 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36923 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36922 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36560 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | |||||
| CVE-2021-20136 | 1 Zohocorp | 1 Manageengine Log360 | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup. | |||||
| CVE-2021-3705 | 1 Hp | 4 Laserjet Pro J8h60a, Laserjet Pro J8h60a Firmware, Laserjet Pro J8h61a and 1 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. | |||||
| CVE-2021-3704 | 1 Hp | 4 Laserjet Pro J8h60a, Laserjet Pro J8h60a Firmware, Laserjet Pro J8h61a and 1 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. | |||||
| CVE-2021-3440 | 1 Hp | 1 Hp Smart | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. | |||||
| CVE-2021-27005 | 1 Netapp | 1 Ontap System Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | |||||
| CVE-2021-27004 | 1 Netapp | 1 Ontap System Manager | 2022-07-12 | 1.7 LOW | 5.5 MEDIUM |
| System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | |||||
| CVE-2021-42557 | 1 Jeedom | 1 Jeedom | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. | |||||
| CVE-2021-25877 | 1 Youphptube | 1 Youphptube | 2022-07-12 | 9.0 HIGH | 7.2 HIGH |
| AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | |||||
| CVE-2021-33259 | 1 D-link | 2 Dir-868lw, Dir-868lw Firmware | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | |||||
| CVE-2021-30816 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | |||||
| CVE-2021-37254 | 1 M-files | 1 M-files Web | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. | |||||
| CVE-2021-36991 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. | |||||
| CVE-2021-36986 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | |||||