Weekly Vulnerabilities Reports > July 12 to 18, 2021
Overview
412 new vulnerabilities were reported during this period, including 38 critical vulnerabilities and 165 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1774 products from 141 vendors including Siemens, IBM, Google, Qualcomm, and Nextcloud. Vulnerabilities are mainly categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Classic Buffer Overflow", and "Path Traversal".
- 265 reported vulnerabilities are remotely exploitable.
- 100 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 259 reported vulnerabilities are exploitable by an anonymous user.
- Siemens has the most reported vulnerabilities, with 58 reported vulnerabilities.
- Jsish has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
38 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-14 | CVE-2021-35211 | Solarwinds | Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. | 10.0 |
2021-07-15 | CVE-2021-25320 | Rancher | Unspecified vulnerability in Rancher An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. | 9.9 |
2021-07-17 | CVE-2021-33911 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 9.8 |
2021-07-16 | CVE-2020-4821 | IBM | Improper Authentication vulnerability in IBM products IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | 9.8 |
2021-07-16 | CVE-2021-21804 | Advantech | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
2021-07-16 | CVE-2021-21820 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03 A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. | 9.8 |
2021-07-15 | CVE-2020-11633 | Zscaler | Out-of-bounds Write vulnerability in Zscaler Client Connector 2.1/2.1.2 The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. | 9.8 |
2021-07-15 | CVE-2021-34690 | Idrive | Improper Authentication vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. | 9.8 |
2021-07-14 | CVE-2020-24133 | Radare | Out-of-bounds Write vulnerability in Radare Radare2-Extras A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | 9.8 |
2021-07-14 | CVE-2020-18155 | Intelliants | SQL Injection vulnerability in Intelliants Subrion 4.2.1 SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. | 9.8 |
2021-07-14 | CVE-2020-18144 | Ectouch | SQL Injection vulnerability in Ectouch 2.0 SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. | 9.8 |
2021-07-14 | CVE-2021-0515 | Google | Out-of-bounds Write vulnerability in Google Android In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
2021-07-14 | CVE-2021-25953 | Putil Merge Project | Unspecified vulnerability in Putil-Merge Project Putil-Merge Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 |
2021-07-13 | CVE-2021-21994 | Vmware | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. | 9.8 |
2021-07-13 | CVE-2021-34552 | Python Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
2021-07-13 | CVE-2020-22873 | Jsish | Classic Buffer Overflow vulnerability in Jsish Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. | 9.8 |
2021-07-13 | CVE-2020-22874 | Jsish | Integer Overflow or Wraparound vulnerability in Jsish Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | 9.8 |
2021-07-13 | CVE-2020-22875 | Jsish | Integer Overflow or Wraparound vulnerability in Jsish Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | 9.8 |
2021-07-13 | CVE-2020-22884 | Espruino | Classic Buffer Overflow vulnerability in Espruino Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | 9.8 |
2021-07-13 | CVE-2021-33578 | Echobh | SQL Injection vulnerability in Echobh Sharecare 8.15.5 Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data. | 9.8 |
2021-07-13 | CVE-2021-36124 | Echobh | Missing Authorization vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 9.8 |
2021-07-13 | CVE-2021-31895 | Siemens | Out-of-bounds Write vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). | 9.8 |
2021-07-13 | CVE-2020-11307 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 9.8 |
2021-07-13 | CVE-2021-1965 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 9.8 |
2021-07-12 | CVE-2020-18544 | WMS Project | SQL Injection vulnerability in WMS Project WMS 1.0 SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". | 9.8 |
2021-07-12 | CVE-2021-24385 | Ninjateam | Unspecified vulnerability in Ninjateam Filebird 4.7.3 The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. | 9.8 |
2021-07-12 | CVE-2021-24442 | Wpdevart | Unspecified vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks | 9.8 |
2021-07-12 | CVE-2021-32726 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 9.8 |
2021-07-12 | CVE-2021-23389 | Totaljs | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 9.8 |
2021-07-12 | CVE-2021-23390 | Totaljs | Code Injection vulnerability in Totaljs Total4 The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 9.8 |
2021-07-12 | CVE-2020-18980 | Halo | Unspecified vulnerability in Halo 0.4.3 Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | 9.8 |
2021-07-12 | CVE-2020-21132 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. | 9.8 |
2021-07-12 | CVE-2020-21133 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | 9.8 |
2021-07-12 | CVE-2021-35064 | Kramerav | Improper Privilege Management vulnerability in Kramerav Viaware KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. | 9.8 |
2021-07-12 | CVE-2021-26088 | Fortinet | Improper Authentication vulnerability in Fortinet Single Sign-On An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets. | 9.6 |
2021-07-14 | CVE-2021-22779 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. | 9.1 |
2021-07-13 | CVE-2021-31217 | Solarwinds | Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200 In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | 9.1 |
2021-07-12 | CVE-2020-19038 | Halo | Missing Authorization vulnerability in Halo 0.4.3 File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 |
165 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-16 | CVE-2021-28053 | Centreon | SQL Injection vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 8.8 |
2021-07-15 | CVE-2021-34827 | Dlink | Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.8 |
2021-07-15 | CVE-2021-34828 | Dlink | Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.8 |
2021-07-15 | CVE-2021-34829 | Dlink | Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.8 |
2021-07-15 | CVE-2021-34830 | Dlink | Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.8 |
2021-07-15 | CVE-2021-32743 | Icinga Debian | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. | 8.8 |
2021-07-15 | CVE-2021-32739 | Icinga Debian | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. | 8.8 |
2021-07-15 | CVE-2021-25318 | Rancher | Incorrect Permission Assignment for Critical Resource vulnerability in Rancher An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. | 8.8 |
2021-07-15 | CVE-2021-31999 | Rancher | Unspecified vulnerability in Rancher A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. | 8.8 |
2021-07-14 | CVE-2021-0592 | Google | Out-of-bounds Write vulnerability in Google Android In various functions in WideVine, there are possible out of bounds writes due to improper input validation. | 8.8 |
2021-07-14 | CVE-2021-33671 | SAP | Missing Authorization vulnerability in SAP Netweaver Guided Procedures SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2021-07-14 | CVE-2021-20781 | Pluginus | Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2021-07-14 | CVE-2021-20782 | Tipsandtricks HQ | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2021-07-13 | CVE-2021-20423 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. | 8.8 |
2021-07-13 | CVE-2021-36121 | Echobh | Unrestricted Upload of File with Dangerous Type vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 8.8 |
2021-07-13 | CVE-2021-36122 | Echobh | Argument Injection or Modification vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 8.8 |
2021-07-13 | CVE-2021-31894 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). | 8.8 |
2021-07-12 | CVE-2020-19907 | Mitre | OS Command Injection vulnerability in Mitre Caldera A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | 8.8 |
2021-07-12 | CVE-2020-4938 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-07-12 | CVE-2021-24015 | Fortinet | OS Command Injection vulnerability in Fortinet Fortimail An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. | 8.8 |
2021-07-12 | CVE-2021-32688 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
2021-07-12 | CVE-2021-32679 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
2021-07-16 | CVE-2019-3752 | Dell | XXE vulnerability in Dell products Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. | 8.2 |
2021-07-13 | CVE-2021-20595 | Mitsubishi | XXE vulnerability in Mitsubishi products Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets. | 8.2 |
2021-07-16 | CVE-2021-32749 | Fail2Ban Fedoraproject | Code Injection vulnerability in multiple products fail2ban is a daemon to ban hosts that cause multiple authentication errors. | 8.1 |
2021-07-15 | CVE-2020-12734 | Depstech | Missing Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. | 8.1 |
2021-07-14 | CVE-2021-0514 | Google | Race Condition vulnerability in Google Android In several functions of the V8 library, there is a possible use after free due to a race condition. | 8.1 |
2021-07-15 | CVE-2021-29742 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. | 8.0 |
2021-07-14 | CVE-2021-0594 | Google | Injection vulnerability in Google Android In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. | 8.0 |
2021-07-12 | CVE-2021-24441 | Fetchdesigns | Unspecified vulnerability in Fetchdesigns Sign-Up Sheets The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. | 8.0 |
2021-07-16 | CVE-2021-3550 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. | 7.8 |
2021-07-15 | CVE-2020-11632 | Zscaler | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.8 |
2021-07-15 | CVE-2020-11634 | Zscaler | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81 The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. | 7.8 |
2021-07-15 | CVE-2021-0278 | Juniper | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. | 7.8 |
2021-07-15 | CVE-2021-36753 | BAT Project | Uncontrolled Search Path Element vulnerability in BAT Project BAT sharkdp BAT before 0.18.2 executes less.exe from the current working directory. | 7.8 |
2021-07-15 | CVE-2020-15495 | Acronis | Unspecified vulnerability in Acronis True Image 2019/2020 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |
2021-07-15 | CVE-2020-25736 | Acronis | Unspecified vulnerability in Acronis True Image 2019/2020/2021 Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |
2021-07-15 | CVE-2020-15496 | Acronis | Improper Preservation of Permissions vulnerability in Acronis True Image Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | 7.8 |
2021-07-15 | CVE-2021-34692 | Idrive | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. | 7.8 |
2021-07-15 | CVE-2021-33505 | Falco | Improper Privilege Management vulnerability in Falco A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. | 7.8 |
2021-07-14 | CVE-2020-29157 | Raonwiz | Uncontrolled Search Path Element vulnerability in Raonwiz Raon K Editor 2018.0.0.10 An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | 7.8 |
2021-07-14 | CVE-2021-31859 | Ysoft | Incorrect Permission Assignment for Critical Resource vulnerability in Ysoft Safeq 6.0.55 Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. | 7.8 |
2021-07-14 | CVE-2020-25445 | Bookingcore | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0 The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. | 7.8 |
2021-07-14 | CVE-2020-0417 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/8.1/9.0 In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. | 7.8 |
2021-07-14 | CVE-2021-0486 | Google | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0 In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. | 7.8 |
2021-07-14 | CVE-2021-0577 | Google | Out-of-bounds Write vulnerability in Google Android In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2021-07-14 | CVE-2021-0586 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. | 7.8 |
2021-07-14 | CVE-2021-0587 | Google | Use After Free vulnerability in Google Android In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. | 7.8 |
2021-07-14 | CVE-2021-0589 | Google | Out-of-bounds Write vulnerability in Google Android In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. | 7.8 |
2021-07-14 | CVE-2021-0600 | Google | Improper Input Validation vulnerability in Google Android In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. | 7.8 |
2021-07-14 | CVE-2021-0602 | Google | Information Exposure vulnerability in Google Android 10.0/11.0 In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. | 7.8 |
2021-07-14 | CVE-2021-0603 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. | 7.8 |
2021-07-14 | CVE-2021-35469 | Lexmark | Unquoted Search Path or Element vulnerability in Lexmark products The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. | 7.8 |
2021-07-13 | CVE-2021-22000 | Vmware | Uncontrolled Search Path Element vulnerability in VMWare Thinapp VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. | 7.8 |
2021-07-13 | CVE-2021-36376 | Delta Project | Uncontrolled Search Path Element vulnerability in Delta Project Delta dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory. | 7.8 |
2021-07-13 | CVE-2021-31893 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). | 7.8 |
2021-07-13 | CVE-2021-34291 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34292 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34293 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34294 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34295 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34296 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34297 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34298 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34300 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34301 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34305 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34306 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34309 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34310 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34311 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34312 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34313 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34314 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34315 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34316 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34317 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34318 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34319 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34323 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34324 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34326 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34327 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34328 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34329 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34330 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34331 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-1886 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2021-07-13 | CVE-2021-1888 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2021-07-13 | CVE-2021-1889 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2021-07-13 | CVE-2021-1890 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Improper length check of public exponent in RSA import key function could cause memory corruption. | 7.8 |
2021-07-13 | CVE-2021-1940 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2021-07-12 | CVE-2020-7872 | Hmtalk | Integer Overflow or Wraparound vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7 DaviewIndy v8.98.7.0 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. | 7.8 |
2021-07-12 | CVE-2021-26089 | Fortinet | Link Following vulnerability in Fortinet Forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase. | 7.8 |
2021-07-12 | CVE-2021-22921 | Nodejs Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 7.8 |
2021-07-16 | CVE-2021-1422 | Cisco | Reachable Assertion vulnerability in Cisco products A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. | 7.7 |
2021-07-18 | CVE-2021-36773 | Sciruby Ublockorigin Umatrix Project Debian | Uncontrolled Recursion vulnerability in multiple products uBlock Origin before 1.36.2 and uMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | 7.5 |
2021-07-17 | CVE-2021-32574 | Hashicorp | Improper Certificate Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. | 7.5 |
2021-07-17 | CVE-2021-36213 | Hashicorp | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. | 7.5 |
2021-07-16 | CVE-2021-32769 | Objectcomputing | Path Traversal vulnerability in Objectcomputing Micronaut Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. | 7.5 |
2021-07-16 | CVE-2021-3649 | Chatwoot | Unspecified vulnerability in Chatwoot chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
2021-07-16 | CVE-2021-21817 | Dlink | Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03 An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. | 7.5 |
2021-07-16 | CVE-2021-21818 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03 A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. | 7.5 |
2021-07-15 | CVE-2021-0281 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. | 7.5 |
2021-07-15 | CVE-2021-32770 | Gatsbyjs | Insufficiently Protected Credentials vulnerability in Gatsbyjs Gatsby-Source-Wordpress Gatsby is a framework for building websites. | 7.5 |
2021-07-15 | CVE-2021-20497 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-07-15 | CVE-2020-12733 | Depstech | Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 7.5 |
2021-07-15 | CVE-2021-20439 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | 7.5 |
2021-07-15 | CVE-2021-29725 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM products IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | 7.5 |
2021-07-15 | CVE-2020-12731 | Magicsmotion | Cleartext Storage of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | 7.5 |
2021-07-15 | CVE-2021-34691 | Idrive | Unspecified vulnerability in Idrive Remotepc iDrive RemotePC before 4.0.1 on Linux allows denial of service. | 7.5 |
2021-07-15 | CVE-2020-36420 | Polipo Project | Reachable Assertion vulnerability in Polipo Project Polipo Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. | 7.5 |
2021-07-14 | CVE-2021-34173 | Espressif | Unspecified vulnerability in Espressif Esp32 Firmware 4.2 An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. | 7.5 |
2021-07-14 | CVE-2020-29147 | Wayang CMS Project | SQL Injection vulnerability in Wayang-Cms Project Wayang-Cms 1.0 A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | 7.5 |
2021-07-14 | CVE-2021-23407 | Elfinder NET Core Project | Path Traversal vulnerability in Elfinder.Net.Core Project Elfinder.Net.Core This affects the package elFinder.Net.Core from 0 and before 1.2.4. | 7.5 |
2021-07-14 | CVE-2021-36716 | Segment | Resource Exhaustion vulnerability in Segment Is-Email A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. | 7.5 |
2021-07-14 | CVE-2021-0596 | Google | Out-of-bounds Read vulnerability in Google Android In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2021-07-14 | CVE-2021-35527 | Hitachienergy | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 7.5 |
2021-07-14 | CVE-2021-33670 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | 7.5 |
2021-07-14 | CVE-2021-33677 | SAP | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | 7.5 |
2021-07-14 | CVE-2021-20748 | Retty | Use of Hard-coded Credentials vulnerability in Retty Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. | 7.5 |
2021-07-13 | CVE-2021-21995 | Vmware | Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. | 7.5 |
2021-07-13 | CVE-2021-20360 | IBM | Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-07-13 | CVE-2021-20422 | IBM | Unspecified vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. | 7.5 |
2021-07-13 | CVE-2020-22876 | Quickjs Project | Classic Buffer Overflow vulnerability in Quickjs Project Quickjs Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. | 7.5 |
2021-07-13 | CVE-2020-22882 | Moddable | Type Confusion vulnerability in Moddable Os180328/Os180329 Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. | 7.5 |
2021-07-13 | CVE-2020-22885 | Artifex | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | 7.5 |
2021-07-13 | CVE-2020-22886 | Artifex | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | 7.5 |
2021-07-13 | CVE-2020-22907 | Jsish | Out-of-bounds Write vulnerability in Jsish Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | 7.5 |
2021-07-13 | CVE-2020-28400 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. | 7.5 |
2021-07-13 | CVE-2021-35515 | Apache Netapp Oracle | Infinite Loop vulnerability in multiple products When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. | 7.5 |
2021-07-13 | CVE-2021-35516 | Apache Netapp Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-13 | CVE-2021-35517 | Apache Netapp Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-13 | CVE-2021-36090 | Apache Oracle Netapp | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-13 | CVE-2021-1887 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1907 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 |
2021-07-13 | CVE-2021-1938 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1943 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1945 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1953 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1954 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1955 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2021-07-13 | CVE-2021-1964 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-07-13 | CVE-2021-1970 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.5 |
2021-07-12 | CVE-2021-32727 | Nextcloud | Improper Certificate Validation vulnerability in Nextcloud Nextcloud Android Client is the Android client for Nextcloud. | 7.5 |
2021-07-12 | CVE-2020-23079 | Halo | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 |
2021-07-12 | CVE-2021-29794 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21 IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-07-12 | CVE-2021-32705 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 7.5 |
2021-07-12 | CVE-2021-30639 | Apache Mcafee Oracle | Improper Handling of Exceptional Conditions vulnerability in multiple products A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. | 7.5 |
2021-07-12 | CVE-2021-33807 | Gespage | Path Traversal vulnerability in Gespage Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | 7.5 |
2021-07-12 | CVE-2021-26090 | Fortinet | Memory Leak vulnerability in Fortinet Fortimail A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | 7.5 |
2021-07-12 | CVE-2021-36377 | Fossil SCM Fedoraproject | Improper Certificate Validation vulnerability in multiple products Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | 7.5 |
2021-07-12 | CVE-2021-27293 | Restsharp | Incorrect Comparison vulnerability in Restsharp RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. | 7.5 |
2021-07-13 | CVE-2021-31892 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). | 7.4 |
2021-07-12 | CVE-2021-3547 | Openvpn | Improper Certificate Validation vulnerability in Openvpn 3.6/3.6.1 OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | 7.4 |
2021-07-14 | CVE-2021-0441 | Google | Incorrect Default Permissions vulnerability in Google Android 11.0 In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. | 7.3 |
2021-07-13 | CVE-2021-31225 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 7.3 |
2021-07-16 | CVE-2021-21819 | Dlink | OS Command Injection vulnerability in Dlink Dir-3040 Firmware 1.13B03 A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. | 7.2 |
2021-07-15 | CVE-2021-20533 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.2 |
2021-07-14 | CVE-2021-33676 | SAP | Missing Authorization vulnerability in SAP Customer Relationship Management A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | 7.2 |
2021-07-12 | CVE-2021-29792 | IBM | Improper Privilege Management vulnerability in IBM Event Streams IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user with access to the CA private key to create their own certificates, deploy them in the cluster, and gain the privileges of another user. | 7.2 |
2021-07-12 | CVE-2020-21131 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | 7.2 |
2021-07-14 | CVE-2021-22778 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | 7.1 |
2021-07-14 | CVE-2021-22780 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. | 7.1 |
2021-07-13 | CVE-2021-20593 | Mitsubishi | Improper Authentication vulnerability in Mitsubishi products Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. | 7.1 |
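Four rows in the table above (Consul's Envoy TLS configuration, Fossil, OpenVPN 3 Core and the Nextcloud Android client) are all "Improper Certificate Validation" of the same shape: a TLS client must make two independent decisions about a peer certificate, whether a CA it trusts signed it and whether the certificate names the identity the client meant to reach, and skipping either one lets an attacker-chosen certificate through. The following is an added example, not code from the report or from any of the listed vendors. Certificates are modelled as a small constructed record (issuer name plus SAN entries) rather than parsed X.509, and the names `Internal Root CA`, `db.internal.example` and `web.internal.example` are invented for the scenario.

```python
# Added example (not from the report or any listed vendor): the two independent
# checks a TLS client must make on a peer certificate, and how skipping either
# one admits an attacker-chosen certificate. Certificates are constructed
# stand-ins (issuer + SAN lists) so the logic runs offline without an X.509 parser.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PeerCert:
    """Minimal view of a leaf certificate: who signed it and which identities it names."""
    issuer: str                                         # CA that signed the leaf
    subject_cn: Optional[str] = None                    # legacy CN, used only as a fallback
    san_dns: List[str] = field(default_factory=list)    # subjectAltName dNSName entries
    san_ip: List[str] = field(default_factory=list)     # subjectAltName iPAddress entries


def _labels(name: str) -> List[str]:
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style dNSName comparison: case-insensitive, label by label; a wildcard
    is accepted only as the entire left-most label and only when at least two labels
    follow it, so '*.com' never matches and 'w*.example.com' is rejected outright."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or not all(p) or not all(h):
        return False
    if "*" in pattern:
        if p[0] != "*" or len(p) < 3 or any("*" in lbl for lbl in p[1:]):
            return False
        return p[1:] == h[1:]
    return p == h


def identity_matches(cert: PeerCert, expected: str) -> bool:
    """Bind the certificate to the identity the client intended to reach."""
    try:
        ip = ipaddress.ip_address(expected)
    except ValueError:
        ip = None
    if ip is not None:              # an IP literal must match an iPAddress SAN, never a dNSName or CN
        return any(ipaddress.ip_address(s) == ip for s in cert.san_ip)
    if cert.san_dns:                # once any dNSName SAN exists, the CN is ignored entirely
        return any(dns_name_matches(p, expected) for p in cert.san_dns)
    return cert.subject_cn is not None and dns_name_matches(cert.subject_cn, expected)


def chain_trusted(cert: PeerCert, trusted_issuers: List[str]) -> bool:
    """Stand-in for path validation: did a CA we trust sign this leaf?"""
    return cert.issuer in trusted_issuers


def verify_peer(cert: PeerCert, expected: str, trusted_issuers: List[str]) -> bool:
    """Both checks are required; neither one implies the other."""
    return chain_trusted(cert, trusted_issuers) and identity_matches(cert, expected)


# Constructed scenario: one internal CA issues certificates for every service, the
# client wants db.internal.example, and an on-path attacker presents either a
# certificate the same CA legitimately issued to a different service, or a
# certificate for the right name issued by a CA nobody trusts.
TRUSTED = ["Internal Root CA"]
GENUINE = PeerCert("Internal Root CA", san_dns=["db.internal.example"])
OTHER_SERVICE = PeerCert("Internal Root CA", san_dns=["web.internal.example"])
SELF_ISSUED = PeerCert("Attacker CA", san_dns=["db.internal.example"])


def scenario() -> dict:
    """What each check decides for each certificate when the client expects db.internal.example."""
    return {
        name: {
            "chain_only": chain_trusted(c, TRUSTED),                   # client that skips the name check
            "name_only": identity_matches(c, "db.internal.example"),   # client that skips path validation
            "both": verify_peer(c, "db.internal.example", TRUSTED),
        }
        for name, c in (("genuine", GENUINE), ("other_service", OTHER_SERVICE), ("self_issued", SELF_ISSUED))
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:14s} {result}")
```

The `other_service` row is the Consul case: when one CA signs every service certificate, chain validation alone says nothing about which service answered, and only the SAN check separates them. The `self_issued` row is the opposite failure, a name that matches but an issuer that was never checked. A client is only safe when the `both` column is the one it acts on.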
201 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-16 | CVE-2021-3614 | Lenovo | Unspecified vulnerability in Lenovo products A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. | 6.8 |
2021-07-15 | CVE-2021-29699 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. | 6.8 |
2021-07-14 | CVE-2019-11098 | Tianocore | Improper Input Validation vulnerability in Tianocore EDK II Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 6.8 |
2021-07-16 | CVE-2021-3452 | Lenovo | Unspecified vulnerability in Lenovo Bios A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2021-07-15 | CVE-2021-35056 | Unisys | Unquoted Search Path or Element vulnerability in Unisys Stealth Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. | 6.7 |
2021-07-15 | CVE-2020-25593 | Acronis | Incorrect Default Permissions vulnerability in Acronis True Image Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | 6.7 |
2021-07-14 | CVE-2021-0144 | Intel | Insecure Default Initialization of Resource vulnerability in Intel products Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 |
2021-07-14 | CVE-2021-0585 | Google | Out-of-bounds Write vulnerability in Google Android In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. | 6.7 |
2021-07-13 | CVE-2021-35957 | Stormshield | Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | 6.7 |
2021-07-13 | CVE-2021-1931 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 6.7 |
2021-07-12 | CVE-2021-21589 | Dell | Unspecified vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. | 6.7 |
2021-07-12 | CVE-2021-21590 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
2021-07-12 | CVE-2021-21591 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
2021-07-16 | CVE-2020-4675 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6 IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2021-07-16 | CVE-2020-4980 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when "encrypt host connections" is not enabled, as well as for protecting data at rest. | 6.5 |
2021-07-15 | CVE-2020-23705 | Rockcarry | Classic Buffer Overflow vulnerability in Rockcarry Ffjpeg A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 6.5 |
2021-07-15 | CVE-2020-23706 | OK File Formats Project | Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() at ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 6.5 |
2021-07-15 | CVE-2020-23707 | OK File Formats Project | Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 6.5 |
2021-07-15 | CVE-2021-0291 | Juniper | Information Exposure vulnerability in Juniper Junos 15.1/17.3/17.4 An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. | 6.5 |
2021-07-15 | CVE-2021-0292 | Juniper | Resource Exhaustion vulnerability in Juniper Junos OS Evolved 19.4/20.1/20.2 An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. | 6.5 |
2021-07-15 | CVE-2021-20537 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 6.5 |
2021-07-15 | CVE-2021-21586 | Dell | Path Traversal vulnerability in Dell Wyse Management Suite Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. | 6.5 |
2021-07-15 | CVE-2020-12732 | Depstech | Insecure Default Initialization of Resource vulnerability in Depstech Wifi Digital Microscope 3 Firmware DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | 6.5 |
2021-07-15 | CVE-2021-27847 | Libvips | Divide By Zero vulnerability in Libvips 8.10.5 Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 |
2021-07-15 | CVE-2021-34558 | Golang Fedoraproject Netapp Oracle | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-07-14 | CVE-2021-22867 | Github | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
2021-07-14 | CVE-2020-18151 | Thinkcmf | Cross-Site Request Forgery (CSRF) vulnerability in Thinkcmf 5.1.0 Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | 6.5 |
2021-07-14 | CVE-2021-36740 | Varnish Cache Varnish Cache Project Varnish Software Fedoraproject Debian | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. | 6.5 |
2021-07-14 | CVE-2020-27379 | Bookingcore | Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. | 6.5 |
2021-07-14 | CVE-2020-20231 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. | 6.5 |
2021-07-14 | CVE-2021-33211 | Element IT | Path Traversal vulnerability in Element-It Http Commander 5.3.3 A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. | 6.5 |
2021-07-14 | CVE-2021-33213 | Element IT | Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3 An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address. | 6.5 |
2021-07-14 | CVE-2021-33678 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. | 6.5 |
2021-07-14 | CVE-2021-33680 | SAP | Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes a buffer overflow and crashes the application, leaving it temporarily unavailable until the user restarts it. | 6.5 |
2021-07-14 | CVE-2021-33681 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes an out of bounds write and crashes the application, leaving it temporarily unavailable until the user restarts it. | 6.5 |
2021-07-13 | CVE-2020-19716 | Exiv2 Debian | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19717 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19718 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19719 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19720 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19721 | Axiosys | Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1628 A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19722 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-20252 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 6.5 |
2021-07-13 | CVE-2021-36123 | Echobh | Unspecified vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 6.5 |
2021-07-13 | CVE-2020-20250 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 6.5 |
2021-07-12 | CVE-2021-32747 | Icinga | Information Exposure vulnerability in Icinga Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. | 6.5 |
2021-07-12 | CVE-2021-32689 | Nextcloud | Unspecified vulnerability in Nextcloud Talk Nextcloud Talk is a fully on-premises audio/video and chat communication service. | 6.5 |
2021-07-12 | CVE-2021-30640 | Apache Oracle Debian | Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. | 6.5 |
2021-07-12 | CVE-2021-24013 | Fortinet | Path Traversal vulnerability in Fortinet Fortimail Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. | 6.5 |
2021-07-12 | CVE-2021-30129 | Apache Oracle | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. | 6.5 |
2021-07-12 | CVE-2021-22515 | Microfocus | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
2021-07-12 | CVE-2021-22917 | Brave | Unspecified vulnerability in Brave Browser Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. | 6.5 |
2021-07-17 | CVE-2021-36771 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 6.1 |
2021-07-17 | CVE-2021-36772 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 6.1 |
2021-07-16 | CVE-2021-21799 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 6.1 |
2021-07-16 | CVE-2021-21800 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 6.1 |
2021-07-16 | CVE-2021-21801 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-16 | CVE-2021-21802 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-16 | CVE-2021-21803 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-16 | CVE-2021-3647 | URI JS Project | Open Redirect vulnerability in Uri.Js Project Uri.Js URI.js is vulnerable to URL Redirection to Untrusted Site. | 6.1 |
2021-07-16 | CVE-2021-36755 | CGM Remote Monitor Project | Cross-site Scripting vulnerability in Cgm-Remote-Monitor Project Cgm-Remote-Monitor 14.2.2 Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. | 6.1 |
2021-07-14 | CVE-2020-18145 | Baidu | Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3 Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. | 6.1 |
2021-07-14 | CVE-2020-29146 | Wayang CMS Project | Cross-site Scripting vulnerability in Wayang-Cms Project Wayang-Cms 1.0 A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header. | 6.1 |
2021-07-14 | CVE-2021-20784 | Voidtools | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Voidtools Everything HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product. | 6.1 |
2021-07-13 | CVE-2021-36214 | Linecorp | Cross-site Scripting vulnerability in Linecorp Line LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. | 6.1 |
2021-07-13 | CVE-2020-26153 | Eventespresso | Cross-site Scripting vulnerability in Eventespresso Event Espresso A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
2021-07-13 | CVE-2021-33710 | Siemens | Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 6.1 |
2021-07-12 | CVE-2021-32733 | Nextcloud | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Text is a collaborative document editing application that uses Markdown. | 6.1 |
2021-07-12 | CVE-2021-24409 | Plugin Planet | Unspecified vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator. | 6.1 |
2021-07-12 | CVE-2021-24429 | Salonbookingsystem | Unspecified vulnerability in Salonbookingsystem Salon Booking System The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2021-07-12 | CVE-2021-24434 | Codeblab | Cross-site Scripting vulnerability in Codeblab Glass The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. | 6.1 |
2021-07-12 | CVE-2021-24454 | YOP Poll | Unspecified vulnerability in Yop-Poll YOP Poll In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. | 6.1 |
2021-07-12 | CVE-2020-18979 | Halo | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwarded-for Header parameter. | 6.1 |
2021-07-12 | CVE-2021-35037 | Jamf | Open Redirect vulnerability in Jamf Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. | 6.1 |
2021-07-13 | CVE-2021-20369 | IBM | Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
2021-07-12 | CVE-2021-22916 | Brave | Unspecified vulnerability in Brave In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure. | 5.9 |
2021-07-13 | CVE-2021-31810 | Ruby Lang Debian Oracle | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. | 5.8 |
2021-07-15 | CVE-2021-32750 | Muwire Project | Cross-site Scripting vulnerability in Muwire Project Muwire MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. | 5.7 |
2021-07-13 | CVE-2021-31221 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 |
2021-07-13 | CVE-2021-31222 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 |
2021-07-13 | CVE-2021-31223 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 |
2021-07-15 | CVE-2021-0279 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Contrail Cloud Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. | 5.5 |
2021-07-15 | CVE-2021-27845 | Jasper Project | Divide By Zero vulnerability in Jasper Project Jasper A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c. | 5.5 |
2021-07-15 | CVE-2021-34689 | Idrive | Information Exposure Through Log Files vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 5.5 |
2021-07-14 | CVE-2021-22781 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | 5.5 |
2021-07-14 | CVE-2021-22782 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | 5.5 |
2021-07-14 | CVE-2021-0518 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. | 5.5 |
2021-07-14 | CVE-2021-0588 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 8.1/9.0 In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. | 5.5 |
2021-07-14 | CVE-2021-0597 | Google | Missing Authorization vulnerability in Google Android In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. | 5.5 |
2021-07-14 | CVE-2021-0599 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. | 5.5 |
2021-07-14 | CVE-2021-0601 | Google | Double Free vulnerability in Google Android In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. | 5.5 |
2021-07-14 | CVE-2021-0604 | Google | Unspecified vulnerability in Google Android In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. | 5.5 |
2021-07-14 | CVE-2021-0654 | Google | Missing Authorization vulnerability in Google Android In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. | 5.5 |
2021-07-14 | CVE-2021-22318 | Huawei | NULL Pointer Dereference vulnerability in Huawei Harmonyos 2.0 A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. | 5.5 |
2021-07-14 | CVE-2021-36373 | Apache Oracle | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
2021-07-14 | CVE-2021-36374 | Apache Oracle | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
2021-07-13 | CVE-2021-22399 | Huawei | Unspecified vulnerability in Huawei P30 Firmware The Bluetooth function of some Huawei smartphones has a DoS vulnerability. | 5.5 |
2021-07-13 | CVE-2021-33713 | Siemens | Unspecified vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 5.5 |
2021-07-13 | CVE-2021-33714 | Siemens | Unspecified vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 5.5 |
2021-07-13 | CVE-2021-33715 | Siemens | NULL Pointer Dereference vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 5.5 |
2021-07-13 | CVE-2021-34299 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34302 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34303 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34304 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34307 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34308 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34320 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34321 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34322 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34325 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34332 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34333 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-16 | CVE-2021-28054 | Centreon | Cross-site Scripting vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 5.4 |
2021-07-16 | CVE-2021-28114 | Froala | Cross-site Scripting vulnerability in Froala Editor Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | 5.4 |
2021-07-16 | CVE-2021-36758 | 1Password | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | 5.4 |
2021-07-15 | CVE-2021-32764 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open-source discussion platform. | 5.4 |
2021-07-15 | CVE-2021-29749 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2021-07-14 | CVE-2020-25444 | Bookingcore | Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy" field under the "Hotel Details" page, (3) "Pricing code" and "name" fields under the "Manage Tour" page, and (4) all the labels under the "Menu" section. | 5.4 |
2021-07-14 | CVE-2021-33212 | Element IT | Cross-site Scripting vulnerability in Element-It Http Commander 5.3.3 A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image. | 5.4 |
2021-07-14 | CVE-2021-33682 | SAP | Cross-site Scripting vulnerability in SAP Lumira Server 2.4 SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2021-07-13 | CVE-2021-20361 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20362 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20363 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20364 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20365 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20366 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-13 | CVE-2021-20368 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 5.4 |
2021-07-12 | CVE-2021-24365 | Admincolumns | Unspecified vulnerability in Admincolumns Admin Columns The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. | 5.4 |
2021-07-12 | CVE-2021-24408 | Plugin Planet | Unspecified vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. | 5.4 |
2021-07-12 | CVE-2021-24420 | Emarketdesign | Unspecified vulnerability in Emarketdesign Request a Quote The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table. | 5.4 |
2021-07-12 | CVE-2021-24421 | Eyecix | Unspecified vulnerability in Eyecix Jobsearch WP JOB Board The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue | 5.4 |
2021-07-12 | CVE-2021-24424 | Webfactoryltd | Cross-site Scripting vulnerability in Webfactoryltd WP Reset The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | 5.4 |
2021-07-12 | CVE-2021-24439 | Prothemedesign | Unspecified vulnerability in Prothemedesign Browser Screenshots The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped. | 5.4 |
2021-07-12 | CVE-2020-18982 | Halo | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 5.4 |
2021-07-12 | CVE-2020-19201 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. | 5.4 |
2021-07-12 | CVE-2020-19203 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. | 5.4 |
2021-07-12 | CVE-2020-19204 | Ipfire | Cross-site Scripting vulnerability in Ipfire 2.21 An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. | 5.4 |
2021-07-12 | CVE-2021-29803 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 5.4 |
2021-07-12 | CVE-2021-29804 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 5.4 |
2021-07-12 | CVE-2021-29805 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 5.4 |
2021-07-12 | CVE-2021-29822 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 5.4 |
2021-07-17 | CVE-2021-36769 | Telegram | Unspecified vulnerability in Telegram and Telegram Desktop A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. | 5.3 |
2021-07-15 | CVE-2021-0289 | Juniper | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. | 5.3 |
2021-07-15 | CVE-2021-20498 | IBM | Information Exposure vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. | 5.3 |
2021-07-15 | CVE-2021-34429 | Eclipse Netapp Oracle | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. | 5.3 |
2021-07-15 | CVE-2020-12730 | Magicsmotion | Cleartext Transmission of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | 5.3 |
2021-07-15 | CVE-2021-34687 | Idrive | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 5.3 |
2021-07-14 | CVE-2021-33684 | SAP | Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. | 5.3 |
2021-07-13 | CVE-2021-33711 | Siemens | Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 5.3 |
2021-07-13 | CVE-2021-33718 | Siemens | Unspecified vulnerability in Siemens Mendix 7.0.0/8.0.0/9.0.0 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). | 5.3 |
2021-07-12 | CVE-2021-32746 | Icinga | Path Traversal vulnerability in Icinga Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. | 5.3 |
2021-07-12 | CVE-2021-32754 | Flowdroid Project | XXE vulnerability in Flowdroid Project Flowdroid FlowDroid is a data flow analysis tool. | 5.3 |
2021-07-12 | CVE-2021-32734 | Nextcloud | Information Exposure Through an Error Message vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-32741 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-32725 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2020-19037 | Halo | Improper Authentication vulnerability in Halo 0.4.3 Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | 5.3 |
2021-07-12 | CVE-2021-32703 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-36381 | Edifecs | Injection vulnerability in Edifecs Transaction Management 20210712 In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.3 |
2021-07-12 | CVE-2021-33037 | Apache Debian Oracle Mcafee | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
2021-07-12 | CVE-2021-32678 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-22918 | Nodejs Siemens | Out-of-bounds Read vulnerability in multiple products Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. | 5.3 |
2021-07-13 | CVE-2021-31220 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | 5.2 |
2021-07-15 | CVE-2021-20496 | IBM | Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. | 4.9 |
2021-07-15 | CVE-2021-20511 | IBM | Path Traversal vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. | 4.9 |
2021-07-14 | CVE-2021-24117 | Apache | Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3 In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
2021-07-14 | CVE-2021-24116 | Wolfssl | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
2021-07-14 | CVE-2021-24119 | ARM Fedoraproject Debian | Information Exposure Through Discrepancy vulnerability in multiple products In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
2021-07-14 | CVE-2021-33687 | SAP | Information Exposure vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | 4.9 |
2021-07-12 | CVE-2021-20414 | IBM | Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2 IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. | 4.9 |
2021-07-12 | CVE-2021-26099 | Fortinet | Unspecified vulnerability in Fortinet Fortimail Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | 4.9 |
2021-07-15 | CVE-2021-20524 | IBM | Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. | 4.8 |
2021-07-15 | CVE-2021-3043 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 4.8 |
2021-07-12 | CVE-2021-24418 | Smooth Scroll Page UP Down Buttons Project | Unspecified vulnerability in Smooth Scroll Page Up/Down Buttons Project Smooth Scroll Page Up/Down Buttons The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog. | 4.8 |
2021-07-12 | CVE-2021-24419 | WP Youtube Lyte Project | Unspecified vulnerability in WP Youtube Lyte Project WP Youtube Lyte The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. | 4.8 |
2021-07-12 | CVE-2021-24426 | WEB Dorado | Unspecified vulnerability in Web-Dorado Backup-Wd The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. | 4.8 |
2021-07-12 | CVE-2021-24427 | Boldgrid | Cross-site Scripting vulnerability in Boldgrid W3 Total Cache The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue. | 4.8 |
2021-07-12 | CVE-2021-24440 | Fetchdesigns | Unspecified vulnerability in Fetchdesigns Sign-Up Sheets The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. | 4.8 |
2021-07-16 | CVE-2021-3453 | Lenovo | Unspecified vulnerability in Lenovo products Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | 4.6 |
2021-07-15 | CVE-2020-12729 | Magicsmotion | Unspecified vulnerability in Magicsmotion Flamingo 2 Firmware MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | 4.6 |
2021-07-14 | CVE-2021-34174 | Broadcom | Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. | 4.6 |
2021-07-13 | CVE-2021-22440 | Huawei | Path Traversal vulnerability in Huawei products There is a path traversal vulnerability in some Huawei products. | 4.6 |
2021-07-13 | CVE-2021-1897 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 4.6 |
2021-07-13 | CVE-2021-1898 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 4.6 |
2021-07-13 | CVE-2021-1899 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. | 4.6 |
2021-07-13 | CVE-2021-1901 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 4.6 |
2021-07-15 | CVE-2021-20500 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. | 4.4 |
2021-07-15 | CVE-2021-20510 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 stores user credentials in clear text which can be read by a local user. | 4.4 |
2021-07-14 | CVE-2021-0590 | Google | Unspecified vulnerability in Google Android In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. | 4.4 |
2021-07-16 | CVE-2021-21816 | Dlink | Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03 An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. | 4.3 |
2021-07-14 | CVE-2021-33667 | SAP | Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430 Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | 4.3 |
2021-07-14 | CVE-2021-33683 | SAP | HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. | 4.3 |
2021-07-14 | CVE-2021-33689 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. | 4.3 |
2021-07-14 | CVE-2021-20747 | Retty | Missing Authorization vulnerability in Retty Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 4.3 |
2021-07-13 | CVE-2021-32755 | Wire | Improper Certificate Validation vulnerability in Wire Wire is a collaboration platform. | 4.3 |
2021-07-13 | CVE-2021-20424 | IBM | Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2021-07-13 | CVE-2021-25671 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). | 4.3 |
2021-07-13 | CVE-2021-33709 | Siemens | Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 4.3 |
2021-07-13 | CVE-2021-1896 | Qualcomm | Cleartext Transmission of Sensitive Information vulnerability in Qualcomm products Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity. | 4.3 |
2021-07-12 | CVE-2021-32707 | Nextcloud | Unspecified vulnerability in Nextcloud Mail Nextcloud Mail is a mail app for Nextcloud. | 4.3 |
2021-07-12 | CVE-2021-21588 | Dell | Insufficient Verification of Data Authenticity vulnerability in Dell Powerflex Presentation Server 3.5 Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. | 4.3 |
2021-07-12 | CVE-2021-36383 | XEN Orchestra | Unspecified vulnerability in Xen-Orchestra Xo-Server and Xo-Web Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. | 4.3 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-12 | CVE-2021-36382 | Devolutions | Insufficiently Protected Credentials vulnerability in Devolutions Server Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | 3.7 |
2021-07-15 | CVE-2021-20534 | IBM | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 3.5 |
2021-07-13 | CVE-2021-31224 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | 3.5 |
2021-07-15 | CVE-2021-21587 | Dell | Information Exposure vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. | 3.3 |
2021-07-15 | CVE-2021-34688 | Idrive | Use of Hard-coded Credentials vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 3.3 |
2021-07-12 | CVE-2021-32680 | Nextcloud Fedoraproject | Nextcloud Server is a Nextcloud package that handles data storage. | 3.3 |
2021-07-15 | CVE-2021-20499 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
2021-07-15 | CVE-2021-20523 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |