Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44512 | 1 Tmate | 1 Tmate-ssh-server | 2022-05-03 | 4.4 MEDIUM | 7.0 HIGH |
| World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory. | |||||
| CVE-2021-44686 | 2 Calibre-ebook, Fedoraproject | 2 Calibre, Fedora | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | |||||
| CVE-2021-20835 | 1 Mercari | 1 Mercari | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | |||||
| CVE-2021-37023 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network.. | |||||
| CVE-2021-29329 | 1 Moddable | 1 Moddable | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. | |||||
| CVE-2021-29324 | 1 Moddable | 1 Moddable | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. | |||||
| CVE-2021-0197 | 1 Intel | 6 Ethernet Network Controller E810-cam1, Ethernet Network Controller E810-cam1 Firmware, Ethernet Network Controller E810-cam2 and 3 more | 2022-05-03 | 2.1 LOW | 4.4 MEDIUM |
| Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access. | |||||
| CVE-2021-0157 | 1 Intel | 484 Celeron N2805, Celeron N2806, Celeron N2807 and 481 more | 2022-05-03 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0146 | 1 Intel | 144 Atom C3000, Atom C3000 Firmware, Atom X5-e3930 and 141 more | 2022-05-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-0064 | 1 Intel | 24 7265, 7265 Firmware, Ac 3165 and 21 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-38976 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781. | |||||
| CVE-2021-3380 | 1 Height8tech | 1 H8 Ssrms | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | |||||
| CVE-2021-43519 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2022-05-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | |||||
| CVE-2021-39914 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user | |||||
| CVE-2021-36192 | 1 Fortinet | 1 Fortimanager | 2022-05-03 | 2.1 LOW | 3.8 LOW |
| An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. | |||||
| CVE-2021-38499 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93. | |||||
| CVE-2021-38494 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92. | |||||
| CVE-2021-43266 | 1 Mahara | 1 Mahara | 2022-05-03 | 4.6 MEDIUM | 7.3 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution | |||||
| CVE-2021-41023 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | |||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | |||||