Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27594 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-07-12 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-28148 | 1 Grafana | 1 Grafana | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance. | |||||
| CVE-2021-27962 | 1 Grafana | 1 Grafana | 2022-07-12 | 4.9 MEDIUM | 7.1 HIGH |
| Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | |||||
| CVE-2021-27306 | 1 Konghq | 1 Kong Gateway | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
| An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. | |||||
| CVE-2021-23359 | 1 Port-killer Project | 1 Port-killer | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | |||||
| CVE-2021-20633 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. | |||||
| CVE-2021-20626 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. | |||||
| CVE-2021-20625 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. | |||||
| CVE-2021-20624 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | |||||
| CVE-2020-35455 | 1 Taidii | 1 Diibear | 2022-07-12 | 2.1 LOW | 7.8 HIGH |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | |||||
| CVE-2020-35454 | 1 Taidii | 1 Diibear | 2022-07-12 | 2.1 LOW | 6.8 MEDIUM |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. | |||||
| CVE-2021-3127 | 1 Nats | 2 Jwt Library, Nats Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||||
| CVE-2020-4890 | 1 Ibm | 1 Spectrum Scale | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | |||||
| CVE-2021-27230 | 1 Expressionengine | 1 Expressionengine | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | |||||
| CVE-2020-24985 | 1 Quadbase | 1 Espressdashboard | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | |||||
| CVE-2021-27893 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.4 MEDIUM | 7.0 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. | |||||
| CVE-2021-27892 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. | |||||
| CVE-2021-26923 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. | |||||
| CVE-2021-24104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-07-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft SharePoint Spoofing Vulnerability | |||||
| CVE-2020-19417 | 1 Emerson | 2 Wireless 1420 Gateway, Wireless 1420 Gateway Firmware | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | |||||