Weekly Vulnerabilities Reports > June 7 to 13, 2021

Overview

597 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 83 high severity vulnerabilities. This weekly summary report vulnerabilities in 1328 products from 140 vendors including Google, Intel, Microsoft, SAP, and Qualcomm. Vulnerabilities are notably categorized as "Improper Input Validation", "Out-of-bounds Write", "Cross-site Scripting", "Improper Privilege Management", and "Use After Free".

  • 377 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 99 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 503 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 75 reported vulnerabilities.
  • Qualcomm has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-06-11 CVE-2021-0474 Google Out-of-bounds Write vulnerability in Google Android

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow.

10.0
2021-06-11 CVE-2021-22763 Schneider Electric Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

10.0
2021-06-09 CVE-2021-33841 Circutor OS Command Injection vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.

10.0
2021-06-09 CVE-2020-11176 Qualcomm Improper Certificate Validation vulnerability in Qualcomm products

While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile

10.0
2021-06-09 CVE-2020-11291 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile

10.0
2021-06-09 CVE-2020-11134 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

10.0
2021-06-09 CVE-2020-11182 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

10.0
2021-06-07 CVE-2021-20698 Sharp NEC Display Command Injection vulnerability in Sharp-Nec-Display products

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.

10.0
2021-06-07 CVE-2021-20699 Sharp NEC Display Classic Buffer Overflow vulnerability in Sharp-Nec-Display products

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request.

10.0
2021-06-09 CVE-2020-11126 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

9.4
2021-06-09 CVE-2020-11159 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

9.4
2021-06-11 CVE-2021-0481 Google Improper Privilege Management vulnerability in Google Android

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler.

9.3
2021-06-08 CVE-2021-1675 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

9.3
2021-06-08 CVE-2021-31956 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows NTFS Elevation of Privilege Vulnerability

9.3
2021-06-10 CVE-2021-23024 F5 Unspecified vulnerability in F5 Big-Iq Centralized Management

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages.

9.0
2021-06-10 CVE-2021-31928 Annexcloud Improper Privilege Management vulnerability in Annexcloud Loyalty Experience Platform

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator.

9.0
2021-06-10 CVE-2021-20081 Zohocorp Improper Input Validation vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.

9.0
2021-06-09 CVE-2021-33393 Ipfire Unspecified vulnerability in Ipfire

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account.

9.0
2021-06-09 CVE-2021-33356 Raspap Improper Privilege Management vulnerability in Raspap

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.

9.0
2021-06-09 CVE-2021-33358 Raspap OS Command Injection vulnerability in Raspap

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.

9.0

83 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-06-11 CVE-2021-23205 Gallagher Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege.

8.5
2021-06-11 CVE-2021-0473 Google Double Free vulnerability in Google Android

In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data.

8.3
2021-06-11 CVE-2021-0475 Google Use After Free vulnerability in Google Android 10.0/11.0

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free.

8.3
2021-06-09 CVE-2021-20731 Buffalo OS Command Injection vulnerability in Buffalo Wsr-1166Dhp3 Firmware and Wsr-1166Dhp4 Firmware

WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.

8.3
2021-06-10 CVE-2021-21736 ZTE Incorrect Default Permissions vulnerability in ZTE Zxhn Hs562 Firmware 1.0.0.0B2.0000/1.0.0.0B3.0000

A smart camera product of ZTE is impacted by a permission and access control vulnerability.

8.0
2021-06-11 CVE-2021-20591 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric products

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.

7.8
2021-06-09 CVE-2020-11238 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.8
2021-06-09 CVE-2020-11241 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.8
2021-06-08 CVE-2021-31975 Microsoft Information Exposure vulnerability in Microsoft products

Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31976.

7.8
2021-06-08 CVE-2021-31976 Microsoft Information Exposure vulnerability in Microsoft products

Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975.

7.8
2021-06-09 CVE-2021-33842 Circutor Improper Authentication vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user.

7.7
2021-06-11 CVE-2021-27200 Wowonder Inadequate Encryption Strength vulnerability in Wowonder 3.0.4

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php.

7.5
2021-06-11 CVE-2021-21795 Accusoft Integer Overflow or Wraparound vulnerability in Accusoft Imagegear 19.9

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9.

7.5
2021-06-11 CVE-2021-21833 Accusoft Improper Validation of Array Index vulnerability in Accusoft Imagegear 19.9

An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9.

7.5
2021-06-11 CVE-2021-27410 Hillrom Out-of-bounds Write vulnerability in Hillrom products

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).

7.5
2021-06-11 CVE-2021-32930 Advantech Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6/5.7.03.6112

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).

7.5
2021-06-11 CVE-2021-22765 SE Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.

7.5
2021-06-11 CVE-2021-22767 SE Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22768

7.5
2021-06-11 CVE-2021-22768 SE Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767.

7.5
2021-06-11 CVE-2021-25383 Google Classic Buffer Overflow vulnerability in Google Android

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

7.5
2021-06-11 CVE-2021-25384 Google Improper Input Validation vulnerability in Google Android

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

7.5
2021-06-11 CVE-2021-25385 Google Classic Buffer Overflow vulnerability in Google Android

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

7.5
2021-06-11 CVE-2021-25386 Google Classic Buffer Overflow vulnerability in Google Android

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

7.5
2021-06-11 CVE-2021-25387 Google Out-of-bounds Write vulnerability in Google Android

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

7.5
2021-06-11 CVE-2021-3013 Ripgrep Project Unspecified vulnerability in Ripgrep Project Ripgrep

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.

7.5
2021-06-10 CVE-2020-23302 Jerryscript Use After Free vulnerability in Jerryscript 2.2.0

There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0

7.5
2021-06-10 CVE-2020-23303 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.2.0

There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.

7.5
2021-06-10 CVE-2020-23306 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.2.0

There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.

7.5
2021-06-10 CVE-2020-23321 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.2.0

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.

7.5
2021-06-10 CVE-2020-23323 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.2.0

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.

7.5
2021-06-10 CVE-2021-25948 Expand Hash Project Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Expand-Hash Project Expand-Hash

Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

7.5
2021-06-10 CVE-2021-25949 SET Getter Project Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Set-Getter Project Set-Getter 0.1.0

Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

7.5
2021-06-10 CVE-2021-26691 Apache
Debian
Out-of-bounds Write vulnerability in multiple products

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

7.5
2021-06-09 CVE-2021-33357 Raspap OS Command Injection vulnerability in Raspap

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.

7.5
2021-06-09 CVE-2021-33833 Intel Out-of-bounds Write vulnerability in Intel Connection Manager

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

7.5
2021-06-09 CVE-2020-15377 Broadcom Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

7.5
2021-06-09 CVE-2021-23853 Bosch Improper Input Validation vulnerability in Bosch products

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.

7.5
2021-06-08 CVE-2021-31962 Microsoft Unspecified vulnerability in Microsoft products

Kerberos AppContainer Security Feature Bypass Vulnerability

7.5
2021-06-08 CVE-2021-31980 Microsoft Unspecified vulnerability in Microsoft Intune Management Extension

Microsoft Intune Management Extension Remote Code Execution Vulnerability

7.5
2021-06-08 CVE-2021-26471 Vembu Unspecified vulnerability in Vembu BDR Suite and Offsite DR

Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 1 of 2).

7.5
2021-06-08 CVE-2021-26472 Vembu Unspecified vulnerability in Vembu BDR Suite and Offsite DR

Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 2 of 2).

7.5
2021-06-08 CVE-2021-26473 Vembu Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR

Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file's name and content.

7.5
2021-06-08 CVE-2021-28293 Seceon Weak Password Recovery Mechanism for Forgotten Password vulnerability in Seceon Aisiem

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature.

7.5
2021-06-08 CVE-2021-32673 REG Keygen GIT Hash Project Code Injection vulnerability in Reg-Keygen-Git-Hash Project Reg-Keygen-Git-Hash

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash.

7.5
2021-06-07 CVE-2021-29504 WP CLI Improper Certificate Validation vulnerability in Wp-Cli

WP-CLI is the command-line interface for WordPress.

7.5
2021-06-11 CVE-2021-0477 Google Improper Privilege Management vulnerability in Google Android

In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent.

7.2
2021-06-11 CVE-2021-0485 Google Improper Privilege Management vulnerability in Google Android 11.0

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass.

7.2
2021-06-11 CVE-2021-0487 Google Improper Privilege Management vulnerability in Google Android 11.0

In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack.

7.2
2021-06-11 CVE-2021-0489 Google Out-of-bounds Write vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to a missing bounds check.

7.2
2021-06-11 CVE-2021-0490 Google Out-of-bounds Write vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to a missing bounds check.

7.2
2021-06-11 CVE-2021-0491 Google Improper Privilege Management vulnerability in Google Android

In memory management driver, there is a possible escalation of privilege due to a missing permission check.

7.2
2021-06-11 CVE-2021-0492 Google Out-of-bounds Write vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to a missing bounds check.

7.2
2021-06-11 CVE-2021-0493 Google Out-of-bounds Write vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to a missing bounds check.

7.2
2021-06-11 CVE-2021-0494 Google Integer Overflow or Wraparound vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to an integer overflow.

7.2
2021-06-11 CVE-2021-0495 Google Out-of-bounds Write vulnerability in Google Android

In memory management driver, there is a possible out of bounds write due to uninitialized data.

7.2
2021-06-11 CVE-2021-0496 Google Use After Free vulnerability in Google Android

In memory management driver, there is a possible memory corruption due to a use after free.

7.2
2021-06-11 CVE-2021-0497 Google Use After Free vulnerability in Google Android

In memory management driver, there is a possible memory corruption due to a use after free.

7.2
2021-06-11 CVE-2021-0498 Google Double Free vulnerability in Google Android

In memory management driver, there is a possible memory corruption due to a double free.

7.2
2021-06-11 CVE-2021-25412 Google Incorrect Authorization vulnerability in Google Android 10.0

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.

7.2
2021-06-11 CVE-2021-25682 Canonical Improper Input Validation vulnerability in Canonical Apport

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

7.2
2021-06-11 CVE-2021-25683 Canonical Improper Input Validation vulnerability in Canonical Apport

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

7.2
2021-06-10 CVE-2021-23022 F5 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions.

7.2
2021-06-10 CVE-2021-34546 Netsetman Improper Authentication vulnerability in Netsetman

An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature.

7.2
2021-06-10 CVE-2021-3041 Paloaltonetworks Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.

7.2
2021-06-10 CVE-2021-25322 Python Hyperkitty Project UNIX Symbolic Link (Symlink) Following vulnerability in Python-Hyperkitty Project Python-Hyperkitty

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root.

7.2
2021-06-10 CVE-2021-31997 Opensuse UNIX Symbolic Link (Symlink) Following vulnerability in Opensuse Python-Postorius 1.3.2Lp152.1.2

a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root.

7.2
2021-06-10 CVE-2021-31998 Opensuse Incorrect Default Permissions vulnerability in Opensuse INN 2.4.2170.21.3.1

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root.

7.2
2021-06-09 CVE-2020-11292 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-06-09 CVE-2020-11165 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11178 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11235 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11239 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-06-09 CVE-2020-11240 Qualcomm Incorrect Calculation of Buffer Size vulnerability in Qualcomm products

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-06-09 CVE-2020-11256 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11257 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11258 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11259 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking

7.2
2021-06-09 CVE-2020-11260 Qualcomm Use of Uninitialized Resource vulnerability in Qualcomm products

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2021-06-09 CVE-2020-11261 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-06-08 CVE-2021-31951 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.2
2021-06-08 CVE-2021-31952 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

7.2
2021-06-08 CVE-2021-31954 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.2
2021-06-07 CVE-2020-36387 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.8.2.

7.2

384 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-06-11 CVE-2021-0476 Google Use After Free vulnerability in Google Android 10.0/11.0/9.0

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition.

6.9
2021-06-11 CVE-2021-0482 Google Use After Free vulnerability in Google Android 11.0

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free.

6.9
2021-06-10 CVE-2021-23023 F5 Uncontrolled Search Path Element vulnerability in F5 Big-Ip Access Policy Manager

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer.

6.9
2021-06-09 CVE-2021-33669 SAP Improper Cross-boundary Removal of Sensitive Data vulnerability in SAP Mobile SDK Certificate Provider

Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage.

6.9
2021-06-09 CVE-2020-11298 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

6.9
2021-06-09 CVE-2020-11233 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

6.9
2021-06-09 CVE-2020-11250 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

6.9
2021-06-13 CVE-2021-23394 Std42 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file.

6.8
2021-06-11 CVE-2020-7860 Unegg Project Integer Overflow or Wraparound vulnerability in Unegg Project Unegg

UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG.

6.8
2021-06-11 CVE-2020-13663 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

6.8
2021-06-11 CVE-2021-22175 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

6.8
2021-06-11 CVE-2021-22750 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22751 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22752 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.

6.8
2021-06-11 CVE-2021-22753 Schneider Electric Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.

6.8
2021-06-11 CVE-2021-22754 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22755 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22756 Schneider Electric Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22757 Schneider Electric Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22758 Schneider Electric Access of Uninitialized Pointer vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22759 Schneider Electric Use After Free vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22760 Schneider Electric Release of Invalid Pointer or Reference vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22761 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.

6.8
2021-06-11 CVE-2021-22762 Schneider Electric Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.

6.8
2021-06-11 CVE-2021-22901 Haxx Use After Free vulnerability in Haxx Curl 7.75.0/7.76.0/7.76.1

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.

6.8
2021-06-10 CVE-2021-26195 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.4.0

An issue was discovered in JerryScript 2.4.0.

6.8
2021-06-10 CVE-2021-31659 TP Link Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware

TP-Link TL-SG2005, TL-SG2008, etc.

6.8
2021-06-10 CVE-2020-35452 Apache
Debian
Out-of-bounds Write vulnerability in multiple products

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.

6.8
2021-06-09 CVE-2021-29995 Cloverdx Cross-Site Request Forgery (CSRF) vulnerability in Cloverdx

A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution).

6.8
2021-06-08 CVE-2021-31938 Microsoft Improper Privilege Management vulnerability in Microsoft Kubernetes Tools

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability

6.8
2021-06-08 CVE-2021-31939 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

6.8
2021-06-08 CVE-2021-31940 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31941.

6.8
2021-06-08 CVE-2021-31941 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook

Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31940.

6.8
2021-06-08 CVE-2021-31942 Microsoft Unspecified vulnerability in Microsoft 3D Viewer

3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31943.

6.8
2021-06-08 CVE-2021-31943 Microsoft Unspecified vulnerability in Microsoft 3D Viewer

3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31942.

6.8
2021-06-08 CVE-2021-31945 Microsoft Unspecified vulnerability in Microsoft Paint 3D

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

6.8
2021-06-08 CVE-2021-31946 Microsoft Unspecified vulnerability in Microsoft Paint 3D

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.

6.8
2021-06-08 CVE-2021-31949 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook

Microsoft Outlook Remote Code Execution Vulnerability

6.8
2021-06-08 CVE-2021-31958 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows NTLM Elevation of Privilege Vulnerability

6.8
2021-06-08 CVE-2021-31959 Microsoft Unspecified vulnerability in Microsoft products

Scripting Engine Memory Corruption Vulnerability

6.8
2021-06-08 CVE-2021-31967 Microsoft Unspecified vulnerability in Microsoft VP9 Video Extensions

VP9 Video Extensions Remote Code Execution Vulnerability

6.8
2021-06-08 CVE-2021-31971 Microsoft Unspecified vulnerability in Microsoft products

Windows HTML Platform Security Feature Bypass Vulnerability

6.8
2021-06-08 CVE-2021-31983 Microsoft Unspecified vulnerability in Microsoft Paint 3D

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.

6.8
2021-06-08 CVE-2021-31985 Microsoft Unspecified vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0

Microsoft Defender Remote Code Execution Vulnerability

6.8
2021-06-08 CVE-2021-33742 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability

6.8
2021-06-08 CVE-2021-27387 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap 2020.2/2021.1

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3).

6.8
2021-06-08 CVE-2021-27390 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3).

6.8
2021-06-08 CVE-2021-27399 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap 2020.2/2021.1

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3).

6.8
2021-06-08 CVE-2021-31342 Siemens Out-of-bounds Write vulnerability in Siemens products

The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files.

6.8
2021-06-08 CVE-2021-31343 Siemens Out-of-bounds Write vulnerability in Siemens products

The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files.

6.8
2021-06-08 CVE-2021-34280 Polarisoffice Access of Uninitialized Pointer vulnerability in Polarisoffice Polaris Office 9.103.83.44230

Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution.

6.8
2021-06-08 CVE-2020-26516 Intland Cross-Site Request Forgery (CSRF) vulnerability in Intland Codebeamer Application Lifecycle Management

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4.

6.8
2021-06-08 CVE-2021-23169 Openexr
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1.

6.8
2021-06-07 CVE-2021-30521 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30522 Google Use After Free vulnerability in Google Chrome

Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30523 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

6.8
2021-06-07 CVE-2021-30524 Google Use After Free vulnerability in Google Chrome

Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30525 Google Use After Free vulnerability in Google Chrome

Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30526 Google Out-of-bounds Write vulnerability in Google Chrome

Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30527 Google Use After Free vulnerability in Google Chrome

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30528 Google Use After Free vulnerability in Google Chrome

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30529 Google Use After Free vulnerability in Google Chrome

Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30530 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30535 Google Double Free vulnerability in Google Chrome

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30542 Google Use After Free vulnerability in Google Chrome

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2021-30543 Google Use After Free vulnerability in Google Chrome

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

6.8
2021-06-07 CVE-2020-18264 Simple LOG Project Cross-Site Request Forgery (CSRF) vulnerability in Simple-Log Project Simple-Log 1.6

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".

6.8
2021-06-07 CVE-2020-18265 Simple LOG Project Cross-Site Request Forgery (CSRF) vulnerability in Simple-Log Project Simple-Log 1.6

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".

6.8
2021-06-07 CVE-2020-36385 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.10.

6.8
2021-06-11 CVE-2021-23140 Gallagher Incorrect Authorization vulnerability in Gallagher Command Centre

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator.

6.5
2021-06-11 CVE-2021-29754 IBM Improper Privilege Management vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI).

6.5
2021-06-11 CVE-2021-26995 Netapp Unspecified vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.

6.5
2021-06-11 CVE-2021-26828 Openplcproject Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

6.5
2021-06-11 CVE-2021-33205 Westerndigital Improper Privilege Management vulnerability in Westerndigital Edgerover

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used.

6.5
2021-06-11 CVE-2021-28814 Qnap Improper Privilege Management vulnerability in Qnap Helpdesk

An improper access control vulnerability has been reported to affect QNAP NAS.

6.5
2021-06-10 CVE-2020-24667 Tracefinanacial SQL Injection vulnerability in Tracefinanacial Crestbridge

Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.

6.5
2021-06-10 CVE-2020-24671 Tracefinanacial SQL Injection vulnerability in Tracefinanacial Crestbridge

Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.

6.5
2021-06-10 CVE-2021-3040 Paloaltonetworks Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file.

6.5
2021-06-10 CVE-2021-34539 Cubecoders Improper Input Validation vulnerability in Cubecoders AMP

An issue was discovered in CubeCoders AMP before 2.1.1.8.

6.5
2021-06-09 CVE-2021-33894 Progress SQL Injection vulnerability in Progress Moveit Transfer

In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app.

6.5
2021-06-09 CVE-2020-15382 Broadcom Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

6.5
2021-06-09 CVE-2021-3196 Hitachi Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0.

6.5
2021-06-09 CVE-2021-21473 SAP Missing Authorization vulnerability in SAP Netweaver AS Abap

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.

6.5
2021-06-08 CVE-2021-26420 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.

6.5
2021-06-08 CVE-2021-31963 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.

6.5
2021-06-08 CVE-2021-31966 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.

6.5
2021-06-08 CVE-2021-33712 Mendix Insufficient Verification of Data Authenticity vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2).

6.5
2021-06-08 CVE-2021-32674 Zope Path Traversal vulnerability in Zope

Zope is an open-source web application server.

6.5
2021-06-08 CVE-2021-28811 Roonlabs Command Injection vulnerability in Roonlabs Roon Server

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.

6.5
2021-06-07 CVE-2021-3277 Nagios Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.

6.5
2021-06-07 CVE-2021-20517 IBM Path Traversal vulnerability in IBM Websphere Application Server ND

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories.

6.5
2021-06-07 CVE-2021-24336 Zavedil SQL Injection vulnerability in Zavedil Flightlog 2.0/3.0.2

The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users

6.5
2021-06-07 CVE-2021-24337 Video Embed BOX Project SQL Injection vulnerability in Video-Embed-Box Project Video-Embed-Box 1.0

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.

6.5
2021-06-11 CVE-2020-5003 IBM XXE vulnerability in IBM Financial Transaction Manager 3.2.4

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

6.4
2021-06-11 CVE-2021-24035 Whatsapp Path Traversal vulnerability in Whatsapp

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

6.4
2021-06-10 CVE-2021-34363 THE Fuck Project Path Traversal vulnerability in the Fuck Project the Fuck

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

6.4
2021-06-09 CVE-2021-23847 Bosch Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device.

6.4
2021-06-08 CVE-2021-22221 Gitlab Insufficient Session Expiration vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2.

6.4
2021-06-09 CVE-2021-31837 Mcafee Out-of-bounds Write vulnerability in Mcafee Getsusp 3.0.0.461

Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.

6.1
2021-06-10 CVE-2021-21665 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Deploy

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

6.0
2021-06-11 CVE-2021-22903 Rubyonrails Open Redirect vulnerability in Rubyonrails Rails

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability.

5.8
2021-06-11 CVE-2021-25424 Samsung Improper Authentication vulnerability in Samsung products

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.

5.8
2021-06-11 CVE-2021-23393 Flask Unchained Project Open Redirect vulnerability in Flask Unchained Project Flask Unchained

This affects the package Flask-Unchained before 0.9.0.

5.8
2021-06-10 CVE-2021-31658 TP Link Improper Validation of Array Index vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware

TP-Link TL-SG2005, TL-SG2008, etc.

5.8
2021-06-09 CVE-2021-0070 Intel Improper Input Validation vulnerability in Intel EFI Bios 7215

Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.

5.8
2021-06-09 CVE-2021-0101 Intel Classic Buffer Overflow vulnerability in Intel EFI Bios 7215

Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.

5.8
2021-06-09 CVE-2021-32677 Fastapi Project
Fedoraproject
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints.

5.8
2021-06-09 CVE-2020-15387 Broadcom Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

5.8
2021-06-08 CVE-2020-28713 Nightowlsp Authentication Bypass by Capture-replay vulnerability in Nightowlsp Smart Doorbell Firmware 20190505

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server.

5.8
2021-06-08 CVE-2021-22212 Ntpsec Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ntpsec 1.2.0

ntpkeygen can generate keys that ntpd fails to parse.

5.8
2021-06-07 CVE-2021-30536 Google Out-of-bounds Read vulnerability in Google Chrome

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

5.8
2021-06-07 CVE-2021-30539 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8
2021-06-07 CVE-2020-18268 Zblogcn Open Redirect vulnerability in Zblogcn Z-Blogphp

Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."

5.8
2021-06-07 CVE-2020-36386 Linux Out-of-bounds Read vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.8.1.

5.6
2021-06-11 CVE-2021-21382 Wire Exposure of Resource to Wrong Sphere vulnerability in Wire Restund 0.4.12/0.4.13/0.4.14

Restund is an open source NAT traversal server.

5.5
2021-06-10 CVE-2021-3039 Paloaltonetworks Information Exposure Through Log Files vulnerability in Paloaltonetworks Prisma Cloud

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file.

5.5
2021-06-09 CVE-2021-0133 Intel Unspecified vulnerability in Intel Secl-Dc

Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access.

5.5
2021-06-09 CVE-2020-15385 Broadcom Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Sannav

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission.

5.5
2021-06-09 CVE-2021-27635 SAP XXE vulnerability in SAP Netweaver Application Server for Java

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash.

5.5
2021-06-08 CVE-2021-31948 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.

5.5
2021-06-08 CVE-2021-31950 Microsoft Server-Side Request Forgery (SSRF) vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.

5.5
2021-06-08 CVE-2021-31964 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.

5.5
2021-06-07 CVE-2020-25716 Redhat Improper Authorization vulnerability in Redhat Cloudforms

A flaw was found in Cloudforms.

5.5
2021-06-07 CVE-2020-1719 Redhat Privilege Context Switching Error vulnerability in Redhat Wildfly

A flaw was found in wildfly.

5.5
2021-06-09 CVE-2020-24474 Intel Classic Buffer Overflow vulnerability in Intel Baseboard Management Controller Firmware 2.18

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

5.2
2021-06-08 CVE-2021-33741 Microsoft Improper Privilege Management vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

5.1
2021-06-11 CVE-2021-34679 Thycotic Information Exposure vulnerability in Thycotic Password Reset Server

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

5.0
2021-06-11 CVE-2021-0466 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device.

5.0
2021-06-11 CVE-2021-27408 Hillrom Out-of-bounds Read vulnerability in Hillrom products

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).

5.0
2021-06-11 CVE-2021-32932 Advantech SQL Injection vulnerability in Advantech Iview 5.6/5.7.03.6112

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).

5.0
2021-06-11 CVE-2021-22749 Schneider Electric Information Exposure vulnerability in Schneider-Electric Modicon X80 Bmxnor0200H RTU Firmware Sv1.6/Sv1.7

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

5.0
2021-06-11 CVE-2021-22764 Schneider Electric Improper Authentication vulnerability in Schneider-Electric products

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

5.0
2021-06-11 CVE-2021-22766 SE Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet.

5.0
2021-06-11 CVE-2021-22902 Rubyonrails Unspecified vulnerability in Rubyonrails Rails

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch.

5.0
2021-06-11 CVE-2021-22904 Rubyonrails Unspecified vulnerability in Rubyonrails Rails

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression.

5.0
2021-06-11 CVE-2021-22915 Nextcloud
Fedoraproject
Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations.

5.0
2021-06-11 CVE-2021-28213 Tianocore Inadequate Encryption Strength vulnerability in Tianocore Edk2 201905

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.

5.0
2021-06-11 CVE-2021-25417 Google Incorrect Authorization vulnerability in Google Android 10.0/9.0

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.

5.0
2021-06-11 CVE-2021-25425 Samsung Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Health 6.16

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.

5.0
2021-06-11 CVE-2021-26993 Netapp Unspecified vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.

5.0
2021-06-11 CVE-2021-26996 Netapp Unspecified vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.

5.0
2021-06-11 CVE-2021-28801 Qnap Out-of-bounds Read vulnerability in Qnap QSS

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS.

5.0
2021-06-10 CVE-2020-23308 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23309 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23310 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23311 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23312 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23313 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0

5.0
2021-06-10 CVE-2020-23314 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23319 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23320 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2020-23322 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0.

5.0
2021-06-10 CVE-2021-31538 Lancom Systems Path Traversal vulnerability in Lancom-Systems Lcos FX 10.5

LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.

5.0
2021-06-10 CVE-2021-34555 Trusteddomain
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

5.0
2021-06-10 CVE-2019-17567 Apache HTTP Request Smuggling vulnerability in Apache Http Server

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

5.0
2021-06-10 CVE-2020-13950 Apache NULL Pointer Dereference vulnerability in Apache Http Server 2.4.41/2.4.43/2.4.44

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

5.0
2021-06-10 CVE-2021-26690 Apache
Debian
NULL Pointer Dereference vulnerability in multiple products

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

5.0
2021-06-10 CVE-2021-30641 Apache
Debian
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
5.0
2021-06-09 CVE-2021-33359 Sensepost Files or Directories Accessible to External Parties vulnerability in Sensepost Gowitness

A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.

5.0
2021-06-09 CVE-2020-15378 Broadcom Unspecified vulnerability in Broadcom Sannav

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.

5.0
2021-06-09 CVE-2020-15379 Broadcom Improper Input Validation vulnerability in Broadcom Brocade Sannav

Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.

5.0
2021-06-09 CVE-2020-15380 Broadcom Information Exposure Through Log Files vulnerability in Broadcom Sannav

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.

5.0
2021-06-09 CVE-2020-15384 Broadcom Cleartext Storage of Sensitive Information vulnerability in Broadcom Sannav

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability.

5.0
2021-06-09 CVE-2020-15386 Broadcom Resource Exhaustion vulnerability in Broadcom Fabric Operating System

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

5.0
2021-06-09 CVE-2020-15381 Broadcom Insufficiently Protected Credentials vulnerability in Broadcom Sannav

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.

5.0
2021-06-09 CVE-2020-15383 Broadcom Resource Exhaustion vulnerability in Broadcom Fabric Operating System

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

5.0
2021-06-09 CVE-2021-27597 SAP Improper Input Validation vulnerability in SAP Netweaver Abap

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27606 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27607 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27628 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27629 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27630 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27631 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27632 SAP Improper Input Validation vulnerability in SAP Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-27633 SAP Improper Input Validation vulnerability in SAP Netweaver Abap

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable.

5.0
2021-06-09 CVE-2021-33663 SAP Incorrect Authorization vulnerability in SAP Netweaver AS Abap

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

5.0
2021-06-09 CVE-2021-33668 SAP Improper Input Validation vulnerability in SAP Infrabox

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user.

5.0
2021-06-09 CVE-2021-1937 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-06-09 CVE-2021-20728 Nttr Unspecified vulnerability in Nttr GOO Blog

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

5.0
2021-06-09 CVE-2021-28169 Eclipse
Debian
Information Exposure vulnerability in multiple products

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.

5.0
2021-06-08 CVE-2021-31957 Microsoft
Fedoraproject
ASP.NET Denial of Service Vulnerability
5.0
2021-06-08 CVE-2021-31968 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Services Denial of Service Vulnerability

5.0
2021-06-08 CVE-2021-31974 Microsoft Unspecified vulnerability in Microsoft products

Server for NFS Denial of Service Vulnerability

5.0
2021-06-08 CVE-2021-31977 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability

5.0
2021-06-08 CVE-2021-31340 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC RF615R (All versions > V3.0), SIMATIC RF680R (All versions > V3.0), SIMATIC RF685R (All versions > V3.0).

5.0
2021-06-08 CVE-2021-26474 Vembu Server-Side Request Forgery (SSRF) vulnerability in Vembu BDR Suite and Offsite DR

Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET request that specifies a hostname and port number.

5.0
2021-06-08 CVE-2020-26138 Silverstripe Improper Input Validation vulnerability in Silverstripe

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.

5.0
2021-06-08 CVE-2021-33571 Djangoproject Server-Side Request Forgery (SSRF) vulnerability in Djangoproject Django

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals.

5.0
2021-06-08 CVE-2021-33175 Emqx Allocation of Resources Without Limits or Throttling vulnerability in Emqx EMQ X Broker

EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs.

5.0
2021-06-08 CVE-2021-33176 Octavolabs Allocation of Resources Without Limits or Throttling vulnerability in Octavolabs Vernemq

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs.

5.0
2021-06-08 CVE-2021-33190 Apache Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Apisix Dashboard 2.6

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access.

5.0
2021-06-08 CVE-2021-30357 Checkpoint Information Exposure Through an Error Message vulnerability in Checkpoint SSL Network Extender

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.

5.0
2021-06-08 CVE-2020-26515 Intland Insufficiently Protected Credentials vulnerability in Intland Codebeamer Application Lifecycle Management 10.0.0/10.0.1/10.1.0

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4.

5.0
2021-06-08 CVE-2021-33560 Gnupg
Debian
Information Exposure Through Discrepancy vulnerability in multiple products

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.

5.0
2021-06-08 CVE-2021-23392 Locutus Unspecified vulnerability in Locutus

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.

5.0
2021-06-08 CVE-2021-28810 Qnap Authentication Bypass by Spoofing vulnerability in Qnap Roon Server

If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication.

5.0
2021-06-07 CVE-2021-29621 Flask Appbuilder Project
Apache
Information Exposure Through Discrepancy vulnerability in multiple products

Flask-AppBuilder is a development framework, built on top of Flask.

5.0
2021-06-07 CVE-2021-33896 Dino
Fedoraproject
Path Traversal vulnerability in multiple products

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.

5.0
2021-06-07 CVE-2020-5008 IBM Insecure Storage of Sensitive Information vulnerability in IBM Datapower Gateway

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters.

5.0
2021-06-07 CVE-2021-22222 Wireshark Infinite Loop vulnerability in Wireshark

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

5.0
2021-06-07 CVE-2021-29099 Esri SQL Injection vulnerability in Esri Arcgis Server

A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier.

5.0
2021-06-07 CVE-2021-24340 Veronalabs SQL Injection vulnerability in Veronalabs WP Statistics

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query.

5.0
2021-06-11 CVE-2021-28687 XEN Missing Initialization of Resource vulnerability in XEN

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions.

4.9
2021-06-07 CVE-2020-1690 Redhat Improper Authorization vulnerability in Redhat Openstack-Selinux and Openstack Platform

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation.

4.9
2021-06-11 CVE-2021-0472 Google Improper Privilege Management vulnerability in Google Android 10.0/11.0/9.0

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass.

4.6
2021-06-11 CVE-2021-21808 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.9

A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9.

4.6
2021-06-11 CVE-2021-21824 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.9

An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9.

4.6
2021-06-11 CVE-2021-28210 Tianocore Uncontrolled Recursion vulnerability in Tianocore Edk2

An unlimited recursion in DxeCore in EDK II.

4.6
2021-06-11 CVE-2021-28211 Tianocore Out-of-bounds Write vulnerability in Tianocore Edk2 202008

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

4.6
2021-06-11 CVE-2021-25396 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.

4.6
2021-06-11 CVE-2021-25400 Samsung Incorrect Authorization vulnerability in Samsung Internet 13.2.1.46/13.2.1.70

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.

4.6
2021-06-11 CVE-2021-25401 Samsung Incorrect Authorization vulnerability in Samsung Health

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.

4.6
2021-06-11 CVE-2021-25407 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/9.0

A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.

4.6
2021-06-11 CVE-2021-25408 Google Classic Buffer Overflow vulnerability in Google Android 10.0/11.0/9.0

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.

4.6
2021-06-11 CVE-2021-25414 Google Unspecified vulnerability in Google Android 10.0/11.0/9.0

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.

4.6
2021-06-11 CVE-2021-25684 Canonical Improper Input Validation vulnerability in Canonical Apport

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

4.6
2021-06-09 CVE-2020-24473 Intel Out-of-bounds Write vulnerability in Intel Baseboard Management Controller Firmware 2.18

Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-24489 Intel
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0052 Intel Improper Privilege Management vulnerability in Intel Computing Improvement Program

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0054 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0055 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel products

Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0056 Intel Unspecified vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware

Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0058 Intel Incorrect Default Permissions vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware

Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0067 Intel Incorrect Authorization vulnerability in Intel products

&nbsp;Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0073 Intel Unspecified vulnerability in Intel Driver & Support Assistant

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0074 Intel Improper Preservation of Permissions vulnerability in Intel Computing Improvement Program

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0077 Intel Improper Preservation of Permissions vulnerability in Intel Vtune Profiler 2017/2018/2019

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0094 Intel Link Following vulnerability in Intel Driver & Support Assistant

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0098 Intel Improper Privilege Management vulnerability in Intel Unite

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0100 Intel Incorrect Default Permissions vulnerability in Intel SSD Data Center Tool 3.0.17/3.0.23

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0102 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Unite

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.6
2021-06-09 CVE-2021-0106 Intel Incorrect Default Permissions vulnerability in Intel Ipmctl

Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-12357 Intel Improper Initialization vulnerability in Intel Bios

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-12359 Intel Unspecified vulnerability in Intel Bios

Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

4.6
2021-06-09 CVE-2020-12360 Intel Out-of-bounds Read vulnerability in Intel Bios

Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-24509 Intel Unspecified vulnerability in Intel Server Platform Services

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-24514 Intel Improper Authentication vulnerability in Intel products

Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

4.6
2021-06-09 CVE-2020-24515 Intel Improper Privilege Management vulnerability in Intel products

Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

4.6
2021-06-09 CVE-2020-24516 Intel Unspecified vulnerability in Intel Converged Security and Manageability Engine

Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

4.6
2021-06-09 CVE-2020-27383 Blizzard Improper Preservation of Permissions vulnerability in Blizzard Battle.Net 1.27.1.12428

Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice.

4.6
2021-06-09 CVE-2020-8700 Intel Improper Input Validation vulnerability in Intel Bios

Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-8703 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Converged Security and Manageability Engine

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

4.6
2021-06-09 CVE-2020-27384 Arena Incorrect Default Permissions vulnerability in Arena Guild Wars 2 106916

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice.

4.6
2021-06-09 CVE-2020-11267 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

4.6
2021-06-09 CVE-2020-11306 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

4.6
2021-06-09 CVE-2020-11160 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2021-06-08 CVE-2021-31199 Microsoft Improper Privilege Management vulnerability in Microsoft Windows Server 2008 and Windows Server 2012

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201.

4.6
2021-06-08 CVE-2021-31201 Microsoft Improper Privilege Management vulnerability in Microsoft Windows Server 2008 and Windows Server 2012

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199.

4.6
2021-06-08 CVE-2021-31953 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Filter Manager Elevation of Privilege Vulnerability

4.6
2021-06-08 CVE-2021-31969 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

4.6
2021-06-08 CVE-2021-31973 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows GPSVC Elevation of Privilege Vulnerability

4.6
2021-06-08 CVE-2021-33739 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Microsoft DWM Core Library Elevation of Privilege Vulnerability

4.6
2021-06-08 CVE-2021-22548 Google Unspecified vulnerability in Google Asylo

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region.

4.6
2021-06-08 CVE-2021-22549 Google Exposure of Resource to Wrong Sphere vulnerability in Google Asylo

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory.

4.6
2021-06-08 CVE-2021-22550 Google Exposure of Resource to Wrong Sphere vulnerability in Google Asylo

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave.

4.6
2021-06-07 CVE-2021-20259 Theforeman Information Exposure vulnerability in Theforeman Foremanfogproxmox

A flaw was found in the Foreman project.

4.6
2021-06-07 CVE-2018-25015 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.14.16.

4.6
2021-06-07 CVE-2019-25045 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.0.19.

4.6
2021-06-11 CVE-2021-25394 Google Use After Free vulnerability in Google Android

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

4.4
2021-06-11 CVE-2021-25395 Google Race Condition vulnerability in Google Android

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

4.4
2021-06-11 CVE-2021-25418 Samsung Incorrect Authorization vulnerability in Samsung Internet 13.2.1.46/13.2.1.70/14.0.1.20

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

4.4
2021-06-10 CVE-2021-31840 Mcafee Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.6.6

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs.

4.4
2021-06-09 CVE-2021-0057 Intel Uncontrolled Search Path Element vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware

Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.4
2021-06-09 CVE-2021-0090 Intel Uncontrolled Search Path Element vulnerability in Intel Driver & Support Assistant

Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.4
2021-06-09 CVE-2021-0104 Intel Uncontrolled Search Path Element vulnerability in Intel Rapid Storage Technology

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access.

4.4
2021-06-09 CVE-2021-0108 Intel Uncontrolled Search Path Element vulnerability in Intel Unite

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.4
2021-06-09 CVE-2021-0112 Intel Unquoted Search Path or Element vulnerability in Intel Unite

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

4.4
2021-06-09 CVE-2020-8670 Intel Race Condition vulnerability in Intel Bios

Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

4.4
2021-06-09 CVE-2020-8702 Intel Uncontrolled Search Path Element vulnerability in Intel Processor Diagnostic Tool

Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.4
2021-06-09 CVE-2020-8704 Intel Race Condition vulnerability in Intel Local Manageability Service

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

4.4
2021-06-09 CVE-2021-1900 Qualcomm Use After Free vulnerability in Qualcomm products

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.4
2021-06-09 CVE-2020-11262 Qualcomm Use After Free vulnerability in Qualcomm products

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue.

4.4
2021-06-07 CVE-2020-1742 Nmstate
Redhat
Improper Privilege Management vulnerability in multiple products

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler.

4.4
2021-06-12 CVE-2021-34682 GOV Unspecified vulnerability in GOV Imposto DE Renda DA Pessoa Fisica 2021 1.7

Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.

4.3
2021-06-12 CVE-2021-31811 Apache
Fedoraproject
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
4.3
2021-06-12 CVE-2021-31812 Apache
Fedoraproject
Excessive Iteration vulnerability in multiple products

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file.

4.3
2021-06-11 CVE-2021-0480 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier.

4.3
2021-06-11 CVE-2021-22895 Nextcloud Improper Certificate Validation vulnerability in Nextcloud Desktop

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

4.3
2021-06-11 CVE-2021-22897 Haxx Exposure of Resource to Wrong Sphere vulnerability in Haxx Curl

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library.

4.3
2021-06-11 CVE-2021-22905 Nextcloud Information Exposure vulnerability in Nextcloud

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

4.3
2021-06-11 CVE-2021-22912 Nextcloud Information Exposure vulnerability in Nextcloud

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

4.3
2021-06-11 CVE-2021-22913 Nextcloud Information Exposure vulnerability in Nextcloud Deck

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

4.3
2021-06-11 CVE-2020-13688 Drupal Cross-site Scripting vulnerability in Drupal

Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.

4.3
2021-06-11 CVE-2021-25419 Samsung Unspecified vulnerability in Samsung Internet 13.2.1.46/13.2.1.70/14.0.1.20

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.

4.3
2021-06-11 CVE-2021-34540 Advantech Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.

4.3
2021-06-10 CVE-2021-26194 Jerryscript Use After Free vulnerability in Jerryscript 2.4.0

An issue was discovered in JerryScript 2.4.0.

4.3
2021-06-10 CVE-2021-26197 Jerryscript Improper Check for Unusual or Exceptional Conditions vulnerability in Jerryscript 2.4.0

An issue was discovered in JerryScript 2.4.0.

4.3
2021-06-10 CVE-2021-26198 Jerryscript Unspecified vulnerability in Jerryscript 2.4.0

An issue was discovered in JerryScript 2.4.0.

4.3
2021-06-10 CVE-2021-26199 Jerryscript Use After Free vulnerability in Jerryscript 2.4.0

An issue was discovered in JerryScript 2.4.0.

4.3
2021-06-10 CVE-2020-25467 Irzip Project NULL Pointer Dereference vulnerability in Irzip Project Irzip 0.621

A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.

4.3
2021-06-10 CVE-2021-27345 Irzip Project NULL Pointer Dereference vulnerability in Irzip Project Irzip 0.631

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.

4.3
2021-06-10 CVE-2021-27347 Irzip Project Use After Free vulnerability in Irzip Project Irzip 0.631

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.

4.3
2021-06-10 CVE-2021-21666 Jenkins Cross-site Scripting vulnerability in Jenkins Kiuwan

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

4.3
2021-06-10 CVE-2021-34547 Paessler Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor 20.1.55.1775

PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.

4.3
2021-06-10 CVE-2019-25046 Cerberusftp Cross-site Scripting vulnerability in Cerberusftp FTP Server

The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.

4.3
2021-06-10 CVE-2021-20293 Redhat
Netapp
Cross-site Scripting vulnerability in multiple products

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.

4.3
2021-06-09 CVE-2021-29049 Liferay Cross-site Scripting vulnerability in Liferay DXP 7.0

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.

4.3
2021-06-09 CVE-2021-23848 Bosch Cross-site Scripting vulnerability in Bosch products

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.

4.3
2021-06-09 CVE-2021-23854 Bosch Cross-site Scripting vulnerability in Bosch products

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.

4.3
2021-06-09 CVE-2021-30133 Cloverdx Cross-site Scripting vulnerability in Cloverdx

A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API.

4.3
2021-06-09 CVE-2021-21490 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.

4.3
2021-06-09 CVE-2021-27620 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27622 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27623 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27624 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27625 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27626 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27627 SAP Improper Input Validation vulnerability in SAP Netweaver AS Internet Graphics Server

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27634 SAP Improper Input Validation vulnerability in SAP Netweaver Abap

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable.

4.3
2021-06-09 CVE-2021-27638 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-27639 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-27640 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-27641 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-27642 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-27643 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-33659 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-33660 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-33661 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-06-09 CVE-2021-33666 SAP Cross-site Scripting vulnerability in SAP Commerce Cloud 100

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation.

4.3
2021-06-09 CVE-2021-33829 Ckeditor Cross-site Scripting vulnerability in Ckeditor

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

4.3
2021-06-09 CVE-2021-34370 Accela Cross-site Scripting vulnerability in Accela Civic Platform 19.2/20.1

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.

4.3
2021-06-09 CVE-2021-3532 Redhat
Fedoraproject
Information Exposure vulnerability in multiple products

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory.

4.3
2021-06-09 CVE-2021-34364 Refined Github Project Cross-site Scripting vulnerability in Refined-Github Project Refined-Github

The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document.

4.3
2021-06-09 CVE-2021-20732 Atomtech Improper Certificate Validation vulnerability in Atomtech Smart Life

The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate.

4.3
2021-06-08 CVE-2021-26414 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 and Windows Server 2012

Windows DCOM Server Security Feature Bypass

4.3
2021-06-08 CVE-2021-31944 Microsoft Information Exposure vulnerability in Microsoft 3D Viewer

3D Viewer Information Disclosure Vulnerability

4.3
2021-06-08 CVE-2021-22220 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting with 13.10.

4.3
2021-06-08 CVE-2021-22213 Gitlab Information Exposure vulnerability in Gitlab

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari

4.3
2021-06-08 CVE-2021-22214 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited

4.3
2021-06-08 CVE-2021-22116 Vmware Improper Input Validation vulnerability in VMWare Rabbitmq

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint.

4.3
2021-06-08 CVE-2021-23215 Openexr
Fedoraproject
Resource Exhaustion vulnerability in multiple products

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.

4.3
2021-06-08 CVE-2021-26260 Openexr
Fedoraproject
Resource Exhaustion vulnerability in multiple products

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.

4.3
2021-06-08 CVE-2021-26945 Openexr Resource Exhaustion vulnerability in Openexr

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1.

4.3
2021-06-08 CVE-2021-31738 Adiscon Cross-site Scripting vulnerability in Adiscon Loganalyzer 4.1.10/4.1.11

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.

4.3
2021-06-07 CVE-2021-26078 Atlassian Cross-site Scripting vulnerability in Atlassian Data Center and Jira

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

4.3
2021-06-07 CVE-2021-26079 Atlassian Cross-site Scripting vulnerability in Atlassian Data Center and Jira

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

4.3
2021-06-07 CVE-2021-26080 Atlassian Cross-site Scripting vulnerability in Atlassian Data Center and Jira

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

4.3
2021-06-07 CVE-2021-32670 Datasette Cross-site Scripting vulnerability in Datasette

Datasette is an open source multi-tool for exploring and publishing data.

4.3
2021-06-07 CVE-2021-32671 Flarum Cross-site Scripting vulnerability in Flarum 1.0.0/1.0.1

Flarum is a forum software for building communities.

4.3
2021-06-07 CVE-2021-30531 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2021-06-07 CVE-2021-30532 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2021-06-07 CVE-2021-30533 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

4.3
2021-06-07 CVE-2021-30534 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2021-06-07 CVE-2021-30537 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.

4.3
2021-06-07 CVE-2021-30538 Google Incorrect Authorization vulnerability in Google Chrome

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2021-06-07 CVE-2021-30540 Google Improper Input Validation vulnerability in Google Chrome

Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3
2021-06-07 CVE-2021-33904 Accela Cross-site Scripting vulnerability in Accela Civic Platform 19.2/21.1

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.

4.3
2021-06-07 CVE-2020-36383 Pagelayer Cross-site Scripting vulnerability in Pagelayer

PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.

4.3
2021-06-07 CVE-2020-36384 Pagelayer Cross-site Scripting vulnerability in Pagelayer

PageLayer before 1.3.5 allows reflected XSS via color settings.

4.3
2021-06-07 CVE-2021-24342 Jnews Cross-site Scripting vulnerability in Jnews

The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.

4.3
2021-06-07 CVE-2020-26885 2Sic Cross-site Scripting vulnerability in 2Sic 2Sxc

An issue was discovered in 2sic 2sxc before 11.22.

4.3
2021-06-09 CVE-2021-0105 Intel Incorrect Default Permissions vulnerability in Intel products

Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access.

4.1
2021-06-11 CVE-2021-3256 Kuaifan Argument Injection or Modification vulnerability in Kuaifan Kuaifancms 5.0

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.

4.0
2021-06-11 CVE-2021-22181 Gitlab Resource Exhaustion vulnerability in Gitlab

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.

4.0
2021-06-11 CVE-2021-22769 Schneider Electric Files or Directories Accessible to External Parties vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

4.0
2021-06-11 CVE-2021-22896 Nextcloud Missing Authorization vulnerability in Nextcloud

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

4.0
2021-06-11 CVE-2021-22906 Nextcloud Resource Exhaustion vulnerability in Nextcloud End-To-End Encryption

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.

4.0
2021-06-11 CVE-2021-23136 Gallagher Incorrect Authorization vulnerability in Gallagher Command Centre

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator.

4.0
2021-06-11 CVE-2021-23204 Gallagher Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators.

4.0
2021-06-11 CVE-2021-26997 Netapp Information Exposure Through an Error Message vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.

4.0
2021-06-10 CVE-2021-20329 Mongodb Improper Input Validation vulnerability in Mongodb GO Driver

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON.

4.0
2021-06-10 CVE-2021-21661 Jenkins Missing Authorization vulnerability in Jenkins Kubernetes

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.0
2021-06-10 CVE-2021-21662 Jenkins Missing Authorization vulnerability in Jenkins Xebialabs XL Deploy

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

4.0
2021-06-10 CVE-2021-21663 Jenkins Missing Authorization vulnerability in Jenkins Xebialabs XL Deploy

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

4.0
2021-06-10 CVE-2021-21664 Jenkins Incorrect Authorization vulnerability in Jenkins Xebialabs XL Deploy

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

4.0
2021-06-10 CVE-2021-31927 Annexcloud Inclusion of Functionality from Untrusted Control Sphere vulnerability in Annexcloud Loyalty Experience Platform

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients.

4.0
2021-06-10 CVE-2021-31929 Annexcloud Incorrect Permission Assignment for Critical Resource vulnerability in Annexcloud Loyalty Experience Platform

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.

4.0
2021-06-10 CVE-2021-21735 ZTE Improper Preservation of Permissions vulnerability in ZTE Zxhn H168N Firmware

A ZTE product has an information leak vulnerability.

4.0
2021-06-09 CVE-2021-0131 Intel Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Intel Secl-Dc

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access.

4.0
2021-06-09 CVE-2021-0132 Intel Missing Release of Resource after Effective Lifetime vulnerability in Intel Secl-Dc

Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.

4.0
2021-06-09 CVE-2021-0134 Intel Improper Input Validation vulnerability in Intel Secl-Dc

Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.

4.0
2021-06-09 CVE-2021-23852 Bosch Resource Exhaustion vulnerability in Bosch products

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).

4.0
2021-06-09 CVE-2021-27621 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP Netweaver Application Server for Java

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

4.0
2021-06-09 CVE-2021-34369 Accela Unspecified vulnerability in Accela Civic Platform 19.2/20.1

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value.

4.0
2021-06-08 CVE-2021-31965 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Information Disclosure Vulnerability

4.0
2021-06-08 CVE-2020-26136 Silverstripe Improper Authentication vulnerability in Silverstripe

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.

4.0
2021-06-08 CVE-2021-22216 Gitlab Resource Exhaustion vulnerability in Gitlab

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description

4.0
2021-06-08 CVE-2021-31807 Squid Cache
Fedoraproject
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6.

4.0
2021-06-08 CVE-2021-22217 Gitlab Resource Exhaustion vulnerability in Gitlab

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request

4.0
2021-06-08 CVE-2021-22219 Gitlab Information Exposure Through Log Files vulnerability in Gitlab

GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.

4.0
2021-06-08 CVE-2021-33203 Djangoproject Path Traversal vulnerability in Djangoproject Django

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.

4.0
2021-06-08 CVE-2021-22215 Gitlab Exposure of Resource to Wrong Sphere vulnerability in Gitlab

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects

4.0
2021-06-08 CVE-2021-22218 Gitlab Improper Certificate Validation vulnerability in Gitlab

All versions of GitLab CE/EE starting with 12.8 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.

4.0
2021-06-07 CVE-2020-1750 Redhat Resource Exhaustion vulnerability in Redhat Machine-Config-Operator

A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory.

4.0

110 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-06-12 CVE-2021-32557 Canonical Link Following vulnerability in Canonical Apport

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

3.6
2021-06-11 CVE-2021-25388 Google Improper Validation of Integrity Check Value vulnerability in Google Android 11.0

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

3.6
2021-06-11 CVE-2021-25389 Google Improper Authentication vulnerability in Google Android 9.0

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.

3.6
2021-06-11 CVE-2021-25399 Samsung Incorrect Authorization vulnerability in Samsung Smart Manager

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.

3.6
2021-06-11 CVE-2021-25410 Google Incorrect Authorization vulnerability in Google Android 11.0

Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.

3.6
2021-06-09 CVE-2020-11304 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read in DRM due to improper buffer length check.

3.6
2021-06-09 CVE-2020-11161 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

3.6
2021-06-08 CVE-2021-32015 Nuvoton Missing Authorization vulnerability in Nuvoton Npct75X Firmware 7.4.0.0

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory.

3.6
2021-06-07 CVE-2021-23391 Calipso Project Exposure of Resource to Wrong Sphere vulnerability in Calipso Project Calipso

This affects all versions of package calipso.

3.6
2021-06-11 CVE-2021-23230 Gallagher SQL Injection vulnerability in Gallagher Command Centre

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected.

3.5
2021-06-11 CVE-2021-26829 Openplcproject Cross-site Scripting vulnerability in Openplcproject Scadabr

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

3.5
2021-06-10 CVE-2020-24663 Tracefinanacial Cross-site Scripting vulnerability in Tracefinanacial Crestbridge

Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.

3.5
2021-06-10 CVE-2020-24668 Tracefinancial Cross-site Scripting vulnerability in Tracefinancial Crestbridge

Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.

3.5
2021-06-10 CVE-2021-33031 Labcup Missing Authorization vulnerability in Labcup

In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account.

3.5
2021-06-10 CVE-2020-24662 Smartstream Cross-site Scripting vulnerability in Smartstream Transaction Lifecycle Management Reconciliations-Premium

SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS.

3.5
2021-06-09 CVE-2021-27615 SAP Cross-site Scripting vulnerability in SAP Manufacturing Execution

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response.

3.5
2021-06-09 CVE-2021-31832 Mcafee Cross-site Scripting vulnerability in Mcafee Data Loss Prevention

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field.

3.5
2021-06-09 CVE-2021-33664 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

3.5
2021-06-09 CVE-2021-33665 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

3.5
2021-06-08 CVE-2020-25817 Silverstripe XXE vulnerability in Silverstripe

SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser.

3.5
2021-06-08 CVE-2020-26517 Intland Cross-site Scripting vulnerability in Intland Codebeamer Application Lifecycle Management

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4.

3.5
2021-06-08 CVE-2021-32106 Icecoder Cross-site Scripting vulnerability in Icecoder 8.0

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable.

3.5
2021-06-07 CVE-2021-24343 Iflychat Cross-site Scripting vulnerability in Iflychat 4.6.4

The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue

3.5
2021-06-07 CVE-2021-24344 Easy Preloader Project Cross-site Scripting vulnerability in Easy Preloader Project Easy Preloader

The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues

3.5
2021-06-07 CVE-2021-28382 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.

3.5
2021-06-11 CVE-2021-25406 Samsung Incorrect Authorization vulnerability in Samsung Gear S

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.

3.3
2021-06-09 CVE-2021-0097 Intel Path Traversal vulnerability in Intel EFI Bios 7215

Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.

3.3
2021-06-09 CVE-2021-0113 Intel Out-of-bounds Write vulnerability in Intel EFI Bios 7215

Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.

3.3
2021-06-09 CVE-2021-20730 Buffalo Unspecified vulnerability in Buffalo Wsr-1166Dhp3 Firmware and Wsr-1166Dhp4 Firmware

Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.

3.3
2021-06-08 CVE-2021-21559 Dell Improper Certificate Validation vulnerability in Dell EMC Networker

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server.

2.9
2021-06-09 CVE-2021-0129 Bluez
Redhat
Debian
Incorrect Authorization vulnerability in multiple products

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

2.7
2021-06-11 CVE-2021-22898 Haxx
Apache
Debian
Fedoraproject
Oracle
Missing Initialization of Resource vulnerability in multiple products

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers.

2.6
2021-06-12 CVE-2021-32547 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32548 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32549 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32550 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32551 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32552 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32553 Canonical
Oracle
Link Following vulnerability in multiple products

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32554 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32555 Canonical Link Following vulnerability in Canonical Ubuntu Linux

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.

2.1
2021-06-12 CVE-2021-32556 Canonical OS Command Injection vulnerability in Canonical Apport

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

2.1
2021-06-11 CVE-2019-9475 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass.

2.1
2021-06-11 CVE-2021-0484 Google Missing Initialization of Resource vulnerability in Google Android

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check.

2.1
2021-06-11 CVE-2021-23182 Gallagher Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps.

2.1
2021-06-11 CVE-2021-23211 Gallagher Missing Encryption of Sensitive Data vulnerability in Gallagher Command Centre

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps.

2.1
2021-06-11 CVE-2021-20396 IBM Insecure Storage of Sensitive Information vulnerability in IBM Security Qradar Analyst Workflow

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system.

2.1
2021-06-11 CVE-2021-25391 Google Unspecified vulnerability in Google Android 11.0

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

2.1
2021-06-11 CVE-2021-25392 Google Inadequate Encryption Strength vulnerability in Google Android 10.0/11.0/9.0

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.

2.1
2021-06-11 CVE-2021-25393 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

2.1
2021-06-11 CVE-2021-25397 Google Incorrect Authorization vulnerability in Google Android 10.0/11.0/9.0

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

2.1
2021-06-11 CVE-2021-25398 Samsung Unspecified vulnerability in Samsung Bixby Voice 3.0.52.14

Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.

2.1
2021-06-11 CVE-2021-25402 Samsung Insecure Storage of Sensitive Information vulnerability in Samsung Notes 2.0.02.31/4.2.00.22

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.

2.1
2021-06-11 CVE-2021-25403 Samsung Incorrect Authorization vulnerability in Samsung Account 10.7.07/12.2.0.9

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

2.1
2021-06-11 CVE-2021-25404 Samsung Insecure Storage of Sensitive Information vulnerability in Samsung Smartthings Firmware

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

2.1
2021-06-11 CVE-2021-25405 Samsung Incorrect Authorization vulnerability in Samsung Notes 2.0.02.31/4.2.00.22

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

2.1
2021-06-11 CVE-2021-25409 Google Incorrect Authorization vulnerability in Google Android 10.0

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.

2.1
2021-06-11 CVE-2021-25411 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.

2.1
2021-06-11 CVE-2021-25413 Google Unspecified vulnerability in Google Android 10.0/11.0/9.0

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

2.1
2021-06-11 CVE-2021-25415 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

2.1
2021-06-11 CVE-2021-25416 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.

2.1
2021-06-11 CVE-2021-25420 Samsung Information Exposure Through Log Files vulnerability in Samsung Galaxy Watch Plugin

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

2.1
2021-06-11 CVE-2021-25421 Samsung Information Exposure Through Log Files vulnerability in Samsung Galaxy Watch 3 Plugin

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

2.1
2021-06-11 CVE-2021-25422 Samsung Information Exposure Through Log Files vulnerability in Samsung Watch Active Plugin

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

2.1
2021-06-11 CVE-2021-25423 Samsung Information Exposure Through Log Files vulnerability in Samsung Watch Active2 Plugin

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

2.1
2021-06-11 CVE-2021-28689 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1.

2.1
2021-06-11 CVE-2021-28805 Qnap Information Exposure vulnerability in Qnap QSS 1.0.2/1.0.3

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS.

2.1
2021-06-10 CVE-2021-31839 Mcafee Improper Privilege Management vulnerability in Mcafee Agent

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder.

2.1
2021-06-10 CVE-2021-34557 Xscreensaver Project
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs.

2.1
2021-06-10 CVE-2020-13938 Apache Missing Authorization vulnerability in Apache Http Server

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

2.1
2021-06-10 CVE-2021-3588 Bluez Out-of-bounds Read vulnerability in Bluez

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

2.1
2021-06-09 CVE-2020-24475 Intel Improper Initialization vulnerability in Intel Baseboard Management Controller Firmware 2.18

Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2021-0001 Intel Information Exposure Through Discrepancy vulnerability in Intel products

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2021-0051 Intel Improper Input Validation vulnerability in Intel Server Platform Services

Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2021-0086 Intel
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2021-0089 Debian
Fedoraproject
Intel
Information Exposure Through Discrepancy vulnerability in multiple products

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2020-12288 Intel Unspecified vulnerability in Intel products

Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12289 Intel Out-of-bounds Write vulnerability in Intel products

Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12290 Intel Unspecified vulnerability in Intel products

Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12291 Intel Resource Exhaustion vulnerability in Intel products

Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12292 Intel Improper Check for Unusual or Exceptional Conditions vulnerability in Intel products

Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12293 Intel Unspecified vulnerability in Intel products

Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12294 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12295 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12296 Intel Resource Exhaustion vulnerability in Intel products

Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-12358 Intel Out-of-bounds Write vulnerability in Intel Bios

Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-24486 Intel Improper Input Validation vulnerability in Intel Bios

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-06-09 CVE-2020-24506 Intel Out-of-bounds Read vulnerability in Intel Converged Security and Manageability Engine

Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2020-24507 Intel Improper Initialization vulnerability in Intel Converged Security and Manageability Engine

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2020-24511 Intel
Debian
Netapp
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2020-24512 Intel
Debian
Netapp
Information Exposure Through Discrepancy vulnerability in multiple products

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2021-06-09 CVE-2020-24513 Intel
Debian
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
2.1
2021-06-09 CVE-2021-0095 Intel Improper Initialization vulnerability in Intel Bios

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

2.1
2021-06-09 CVE-2021-32942 Aveva Cleartext Storage of Sensitive Information in Memory vulnerability in Aveva Intouch 2017 and Intouch 2020

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

2.1
2021-06-09 CVE-2021-33662 SAP Information Exposure vulnerability in SAP Business ONE 10.0

Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.

2.1
2021-06-09 CVE-2021-26313 XEN
ARM
Broadcom
Intel
Debian
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

2.1
2021-06-09 CVE-2021-26314 XEN
ARM
Broadcom
Intel
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

2.1
2021-06-09 CVE-2020-11265 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking

2.1
2021-06-09 CVE-2020-11266 Qualcomm Unspecified vulnerability in Qualcomm products

Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking

2.1
2021-06-08 CVE-2021-31955 Microsoft Information Exposure vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

2.1
2021-06-08 CVE-2021-31960 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Bind Filter Driver Information Disclosure Vulnerability

2.1
2021-06-08 CVE-2021-31970 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Driver Security Feature Bypass Vulnerability

2.1
2021-06-08 CVE-2021-31972 Microsoft Information Exposure vulnerability in Microsoft products

Event Tracing for Windows Information Disclosure Vulnerability

2.1
2021-06-08 CVE-2021-31978 Microsoft Unspecified vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0

Microsoft Defender Denial of Service Vulnerability

2.1
2021-06-08 CVE-2021-32658 Nextcloud Information Exposure vulnerability in Nextcloud

Nextcloud Android is the Android client for the Nextcloud open source home cloud system.

2.1
2021-06-08 CVE-2021-21558 Dell Information Exposure Through Log Files vulnerability in Dell EMC Networker

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability.

2.1
2021-06-08 CVE-2021-3564 Linux
Fedoraproject
Use After Free vulnerability in multiple products

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device.

2.1
2021-06-11 CVE-2021-25390 Google Unspecified vulnerability in Google Android

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

1.9
2021-06-09 CVE-2021-27637 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP Enable NOW 1.0/10.0

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.

1.9
2021-06-09 CVE-2021-3533 Redhat
Fedoraproject
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory.

1.2