Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21219 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-21217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-21210 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | |||||
| CVE-2021-20712 | 1 Nec | 4 Aterm Wg2600hs, Aterm Wg2600hs Firmware, Aterm Wx3000hp and 1 more | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function. | |||||
| CVE-2021-20694 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | |||||
| CVE-2021-20693 | 1 Gurunavi | 1 Gurunavi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 7.5 HIGH | 10.0 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | |||||
| CVE-2021-0216 | 1 Juniper | 3 Acx5448, Acx710, Junos | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received. This, in turn, may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. When a high rate of transit ARP packets are exceptioned to the CPU and BFD flaps, the following log messages may be seen: bfdd[15864]: BFDD_STATE_UP_TO_DOWN: BFD Session 192.168.14.3 (IFL 232) state Up -> Down LD/RD(17/19) Up time:11:38:17 Local diag: CtlExpire Remote diag: None Reason: Detect Timer Expiry. bfdd[15864]: BFDD_TRAP_SHOP_STATE_DOWN: local discriminator: 17, new state: down, interface: irb.998, peer addr: 192.168.14.3 rpd[15839]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to peer on irb.998, reason: BFD Session Down bfdd[15864]: BFDD_TRAP_SHOP_STATE_UP: local discriminator: 17, new state: up, interface: irb.998, peer addr: 192.168.14.3 This issue only affects the ACX5448 Series and ACX710 Series routers. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 18.2 versions prior to 18.2R3-S8 on ACX5448; 18.3 versions prior to 18.3R3-S5 on ACX5448; 18.4 versions prior to 18.4R1-S6, 18.4R3-S7 on ACX5448; 19.1 versions prior to 19.1R3-S5 on ACX5448; 19.2 versions prior to 19.2R2, 19.2R3 on ACX5448; 19.3 versions prior to 19.3R3 on ACX5448; 19.4 versions prior to 19.4R3 on ACX5448; 20.1 versions prior to 20.1R2 on ACX5448; 20.2 versions prior to 20.2R2 on ACX5448 and ACX710. | |||||
| CVE-2021-31554 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked. | |||||
| CVE-2021-31552 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations. | |||||
| CVE-2021-31548 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed. | |||||
| CVE-2021-31547 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules. | |||||
| CVE-2021-1076 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | |||||
| CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | |||||
| CVE-2021-20501 | 1 Ibm | 1 I | 2022-07-12 | 6.4 MEDIUM | 8.2 HIGH |
| IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. | |||||
| CVE-2021-27692 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input. | |||||
| CVE-2021-27691 | 1 Tendacn | 6 G0, G0 Firmware, G1 and 3 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input. | |||||
| CVE-2021-30487 | 1 Zulip | 1 Zulip Server | 2022-07-12 | 4.0 MEDIUM | 2.7 LOW |
| In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | |||||
| CVE-2021-30479 | 1 Zulip | 1 Zulip Server | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization. | |||||
| CVE-2021-30478 | 1 Zulip | 1 Zulip Server | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation. | |||||