Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20777 | 1 Gu-global | 1 Gu | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | |||||
| CVE-2021-35337 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter. | |||||
| CVE-2021-23275 | 1 Tibco | 4 Enterprise Runtime For R, Spotfire Analytics Platform, Spotfire Server and 1 more | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. | |||||
| CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | |||||
| CVE-2021-29966 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-29947 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | |||||
| CVE-2021-22361 | 1 Huawei | 4 Ecns280, Ecns280 Firmware, Ese620x Vess and 1 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. | |||||
| CVE-2020-25755 | 1 Enphase | 2 Envoy, Envoy Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | |||||
| CVE-2021-34801 | 1 Valine.js | 1 Valine | 2022-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. | |||||
| CVE-2021-28979 | 1 Thalesgroup | 1 Safenet Keysecure | 2022-05-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. | |||||
| CVE-2021-31927 | 1 Annexcloud | 1 Loyalty Experience Platform | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2. | |||||
| CVE-2021-0077 | 1 Intel | 1 Vtune Profiler | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0105 | 1 Intel | 10 Ac 9461, Ac 9461 Firmware, Ac 9462 and 7 more | 2022-05-03 | 4.1 MEDIUM | 7.3 HIGH |
| Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access. | |||||
| CVE-2020-24515 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2022-05-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
| CVE-2020-11176 | 1 Qualcomm | 198 Apq8017, Apq8017 Firmware, Apq8053 and 195 more | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile | |||||
| CVE-2020-11182 | 1 Qualcomm | 536 Aqt1000, Aqt1000 Firmware, Pm3003a and 533 more | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11165 | 1 Qualcomm | 510 Aqt1000, Aqt1000 Firmware, Ar8035 and 507 more | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-33741 | 1 Microsoft | 1 Edge Chromium | 2022-05-03 | 5.1 MEDIUM | 7.5 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||