Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30772 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-31785 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2022-05-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. | |||||
| CVE-2021-31611 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2022-05-03 | 3.3 LOW | 5.7 MEDIUM |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. | |||||
| CVE-2021-26436 | 1 Microsoft | 1 Edge | 2022-05-03 | 6.8 MEDIUM | 8.1 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. | |||||
| CVE-2021-40352 | 1 Open-emr | 1 Openemr | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. | |||||
| CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | |||||
| CVE-2021-35062 | 1 Testzentrum-odw | 1 Testerfassung | 2022-05-03 | 9.3 HIGH | 8.1 HIGH |
| A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. | |||||
| CVE-2021-22250 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | |||||
| CVE-2021-22244 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | |||||
| CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | |||||
| CVE-2020-18900 | 1 Libexe Project | 1 Libexe | 2022-05-03 | 1.9 LOW | 3.3 LOW |
| ** DISPUTED ** A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub. | |||||
| CVE-2021-39282 | 1 Live555 | 1 Live555 | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | |||||
| CVE-2021-29990 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. | |||||
| CVE-2021-36282 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-03 | 2.1 LOW | 3.3 LOW |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. | |||||
| CVE-2021-21568 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. | |||||
| CVE-2021-0114 | 1 Intel | 1064 Atom C3000, Atom C3308, Atom C3336 and 1061 more | 2022-05-03 | 7.2 HIGH | 6.7 MEDIUM |
| Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-32071 | 1 Mitel | 1 Micollab | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. | |||||
| CVE-2021-31698 | 1 Quectel | 2 Eg25-g, Eg25-g Firmware | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | |||||
| CVE-2021-33762 | 1 Microsoft | 1 Azure Cyclecloud | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36943. | |||||
| CVE-2021-26431 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||