Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27065 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. | |||||
| CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | |||||
| CVE-2021-3332 | 1 Wpserveur | 1 Wps Hide Login | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. | |||||
| CVE-2021-25284 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2022-07-12 | 1.9 LOW | 4.4 MEDIUM |
| An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | |||||
| CVE-2021-0403 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. | |||||
| CVE-2021-1731 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| PFX Encryption Security Feature Bypass Vulnerability | |||||
| CVE-2021-21972 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2021-20657 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | |||||
| CVE-2021-27579 | 1 Snowsoftware | 1 Snow Inventory Agent | 2022-07-12 | 4.4 MEDIUM | 7.8 HIGH |
| Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. | |||||
| CVE-2021-26685 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-27214 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | |||||
| CVE-2021-27378 | 1 Rand Core Project | 1 Rand Core | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. | |||||
| CVE-2021-27375 | 1 Containous | 1 Traefik | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. | |||||
| CVE-2021-3396 | 1 Opennms | 3 Horizon, Meridian, Newts | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. | |||||
| CVE-2021-20072 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2022-07-12 | 8.7 HIGH | 7.2 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. | |||||
| CVE-2021-27211 | 1 Steghide Project | 1 Steghide | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. | |||||
| CVE-2021-27201 | 1 Endian | 1 Firewall Community | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. | |||||
| CVE-2021-22976 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||