Weekly Vulnerabilities Reports > July 12 to 18, 2021

Overview

412 new vulnerabilities were reported during this period, including 38 critical and 165 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1774 products from 141 vendors, including Siemens, IBM, Google, Qualcomm, and Nextcloud. The most frequent vulnerability categories are "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Classic Buffer Overflow", and "Path Traversal".

  • 265 reported vulnerabilities are remotely exploitable.
  • 100 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 259 reported vulnerabilities are exploitable by an anonymous user.
  • Siemens has the most reported vulnerabilities, with 58 reported vulnerabilities.
  • Jsish has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-14 CVE-2021-35211 Solarwinds Out-of-bounds Write vulnerability in Solarwinds Serv-U

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.

10.0
2021-07-15 CVE-2021-25320 Rancher Unspecified vulnerability in Rancher

An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID.

9.9
2021-07-17 CVE-2021-33911 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.

9.8
2021-07-16 CVE-2020-4821 IBM Improper Authentication vulnerability in IBM products

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.

9.8
2021-07-16 CVE-2021-21804 Advantech Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

9.8
2021-07-16 CVE-2021-21820 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03.

9.8
2021-07-15 CVE-2020-11633 Zscaler Out-of-bounds Write vulnerability in Zscaler Client Connector 2.1/2.1.2

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack-based buffer overflow when connecting to misconfigured TLS servers.

9.8
2021-07-15 CVE-2021-34690 Idrive Improper Authentication vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows authentication bypass.

9.8
2021-07-14 CVE-2020-24133 Radare Out-of-bounds Write vulnerability in Radare Radare2-Extras

A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DoS) attacks.

9.8
2021-07-14 CVE-2020-18155 Intelliants SQL Injection vulnerability in Intelliants Subrion 4.2.1

SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.

9.8
2021-07-14 CVE-2020-18144 Ectouch SQL Injection vulnerability in Ectouch 2.0

SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php.

9.8
2021-07-14 CVE-2021-0515 Google Out-of-bounds Write vulnerability in Google Android

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check.

9.8
2021-07-14 CVE-2021-25953 Putil Merge Project Unspecified vulnerability in Putil-Merge Project Putil-Merge

Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution.

9.8
2021-07-13 CVE-2021-21994 Vmware Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.

9.8
2021-07-13 CVE-2021-34552 Python, Debian, Fedoraproject Classic Buffer Overflow vulnerability in multiple products

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

9.8
2021-07-13 CVE-2020-22873 Jsish Classic Buffer Overflow vulnerability in Jsish

Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7 allows remote attackers to execute arbitrary code.

9.8
2021-07-13 CVE-2020-22874 Jsish Integer Overflow or Wraparound vulnerability in Jsish

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8 allows remote attackers to execute arbitrary code.

9.8
2021-07-13 CVE-2020-22875 Jsish Integer Overflow or Wraparound vulnerability in Jsish

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6 allows remote attackers to execute arbitrary code.

9.8
2021-07-13 CVE-2020-22884 Espruino Classic Buffer Overflow vulnerability in Espruino

Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09 allows remote attackers to execute arbitrary code.

9.8
2021-07-13 CVE-2021-33578 Echobh SQL Injection vulnerability in Echobh Sharecare 8.15.5

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

9.8
2021-07-13 CVE-2021-36124 Echobh Missing Authorization vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

9.8
2021-07-13 CVE-2021-31895 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7).

9.8
2021-07-13 CVE-2020-11307 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables.

9.8
2021-07-13 CVE-2021-1965 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking.

9.8
2021-07-12 CVE-2020-18544 WMS Project SQL Injection vulnerability in WMS Project WMS 1.0

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".

9.8
2021-07-12 CVE-2021-24385 Ninjateam Unspecified vulnerability in Ninjateam Filebird 4.7.3

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability, as it makes SQL queries without escaping user input data from an HTTP POST request.

9.8
2021-07-12 CVE-2021-24442 Wpdevart Unspecified vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks

9.8
2021-07-12 CVE-2021-32726 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

9.8
2021-07-12 CVE-2021-23389 Totaljs Code Injection vulnerability in Totaljs Total.Js

The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

9.8
2021-07-12 CVE-2021-23390 Totaljs Code Injection vulnerability in Totaljs Total4

The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

9.8
2021-07-12 CVE-2020-18980 Halo Unspecified vulnerability in Halo 0.4.3

Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

9.8
2021-07-12 CVE-2020-21132 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

9.8
2021-07-12 CVE-2020-21133 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.

9.8
2021-07-12 CVE-2021-35064 Kramerav Improper Privilege Management vulnerability in Kramerav Viaware

KramerAV VIAWare, all tested versions, allows privilege escalation through misconfiguration of sudo.

9.8
2021-07-12 CVE-2021-26088 Fortinet Improper Authentication vulnerability in Fortinet Single Sign-On

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network by sending specifically crafted UDP login notification packets.

9.6
2021-07-14 CVE-2021-22779 Schneider Electric Unspecified vulnerability in Schneider-Electric products

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

9.1
2021-07-13 CVE-2021-31217 Solarwinds Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

9.1
2021-07-12 CVE-2020-19038 Halo Missing Authorization vulnerability in Halo 0.4.3

File Deletion vulnerability in Halo 0.4.3 via delBackup.

9.1

165 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-16 CVE-2021-28053 Centreon SQL Injection vulnerability in Centreon 20.10.0

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.

8.8
2021-07-15 CVE-2021-34827 Dlink Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.8
2021-07-15 CVE-2021-34828 Dlink Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.8
2021-07-15 CVE-2021-34829 Dlink Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.8
2021-07-15 CVE-2021-34830 Dlink Unspecified vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.8
2021-07-15 CVE-2021-32743 Icinga, Debian

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.

8.8
2021-07-15 CVE-2021-32739 Icinga, Debian

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.

8.8
2021-07-15 CVE-2021-25318 Rancher Incorrect Permission Assignment for Critical Resource vulnerability in Rancher

An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to.

8.8
2021-07-15 CVE-2021-31999 Rancher Unspecified vulnerability in Rancher

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers.

8.8
2021-07-14 CVE-2021-0592 Google Out-of-bounds Write vulnerability in Google Android

In various functions in WideVine, there are possible out of bounds writes due to improper input validation.

8.8
2021-07-14 CVE-2021-33671 SAP Missing Authorization vulnerability in SAP Netweaver Guided Procedures

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8
2021-07-14 CVE-2021-20781 Pluginus Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2021-07-14 CVE-2021-20782 Tipsandtricks HQ Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2021-07-13 CVE-2021-20423 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions.

8.8
2021-07-13 CVE-2021-36121 Echobh Unrestricted Upload of File with Dangerous Type vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

8.8
2021-07-13 CVE-2021-36122 Echobh Argument Injection or Modification vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

8.8
2021-07-13 CVE-2021-31894 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1).

8.8
2021-07-12 CVE-2020-19907 Mitre OS Command Injection vulnerability in Mitre Caldera

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

8.8
2021-07-12 CVE-2020-4938 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2021-07-12 CVE-2021-24015 Fortinet OS Command Injection vulnerability in Fortinet Fortimail

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

8.8
2021-07-12 CVE-2021-32688 Nextcloud, Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

8.8
2021-07-12 CVE-2021-32679 Nextcloud, Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

8.8
2021-07-16 CVE-2019-3752 Dell XXE vulnerability in Dell products

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.

8.2
2021-07-13 CVE-2021-20595 Mitsubishi XXE vulnerability in Mitsubishi products

Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets.

8.2
2021-07-16 CVE-2021-32749 Fail2Ban, Fedoraproject Code Injection vulnerability in multiple products

fail2ban is a daemon to ban hosts that cause multiple authentication errors.

8.1
2021-07-15 CVE-2020-12734 Depstech Missing Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware

DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings.

8.1
2021-07-14 CVE-2021-0514 Google Race Condition vulnerability in Google Android

In several functions of the V8 library, there is a possible use after free due to a race condition.

8.1
2021-07-15 CVE-2021-29742 IBM Unspecified vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system.

8.0
2021-07-14 CVE-2021-0594 Google Injection vulnerability in Google Android

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation.

8.0
2021-07-12 CVE-2021-24441 Fetchdesigns Unspecified vulnerability in Fetchdesigns Sign-Up Sheets

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue.

8.0
2021-07-16 CVE-2021-3550 Lenovo Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

7.8
2021-07-15 CVE-2020-11632 Zscaler Unquoted Search Path or Element vulnerability in Zscaler Client Connector

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.

7.8
2021-07-15 CVE-2020-11634 Zscaler Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL.

7.8
2021-07-15 CVE-2021-0278 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device.

7.8
2021-07-15 CVE-2021-36753 BAT Project Uncontrolled Search Path Element vulnerability in BAT Project BAT

sharkdp BAT before 0.18.2 executes less.exe from the current working directory.

7.8
2021-07-15 CVE-2020-15495 Acronis Unspecified vulnerability in Acronis True Image 2019/2020

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.

7.8
2021-07-15 CVE-2020-25736 Acronis Unspecified vulnerability in Acronis True Image 2019/2020/2021

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.

7.8
2021-07-15 CVE-2020-15496 Acronis Improper Preservation of Permissions vulnerability in Acronis True Image

Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.

7.8
2021-07-15 CVE-2021-34692 Idrive Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation.

7.8
2021-07-15 CVE-2021-33505 Falco Improper Privilege Management vulnerability in Falco

A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed.

7.8
2021-07-14 CVE-2020-29157 Raonwiz Uncontrolled Search Path Element vulnerability in Raonwiz Raon K Editor 2018.0.0.10

An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.

7.8
2021-07-14 CVE-2021-31859 Ysoft Incorrect Permission Assignment for Critical Resource vulnerability in Ysoft Safeq 6.0.55

Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.

7.8
2021-07-14 CVE-2020-25445 Bookingcore Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection.

7.8
2021-07-14 CVE-2020-0417 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/8.1/9.0

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent.

7.8
2021-07-14 CVE-2021-0486 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass.

7.8
2021-07-14 CVE-2021-0577 Google Out-of-bounds Write vulnerability in Google Android

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow.

7.8
2021-07-14 CVE-2021-0586 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted Bluetooth device due to a tapjacking/overlay attack.

7.8
2021-07-14 CVE-2021-0587 Google Use After Free vulnerability in Google Android

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free.

7.8
2021-07-14 CVE-2021-0589 Google Out-of-bounds Write vulnerability in Google Android

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check.

7.8
2021-07-14 CVE-2021-0600 Google Improper Input Validation vulnerability in Google Android

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation.

7.8
2021-07-14 CVE-2021-0602 Google Information Exposure vulnerability in Google Android 10.0/11.0

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass.

7.8
2021-07-14 CVE-2021-0603 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack.

7.8
2021-07-14 CVE-2021-35469 Lexmark Unquoted Search Path or Element vulnerability in Lexmark products

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

7.8
2021-07-13 CVE-2021-22000 Vmware Uncontrolled Search Path Element vulnerability in VMWare Thinapp

VMware Thinapp version 5.x prior to 5.2.10 contains a DLL hijacking vulnerability due to insecure loading of DLLs.

7.8
2021-07-13 CVE-2021-36376 Delta Project Uncontrolled Search Path Element vulnerability in Delta Project Delta

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.

7.8
2021-07-13 CVE-2021-31893 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2).

7.8
2021-07-13 CVE-2021-34291 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34292 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34293 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34294 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34295 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34296 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34297 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34298 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34300 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34301 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34305 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34306 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34309 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34310 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34311 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34312 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34313 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34314 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34315 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34316 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34317 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34318 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34319 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34323 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34324 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34326 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34327 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34328 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34329 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34330 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-34331 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

7.8
2021-07-13 CVE-2021-1886 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2021-07-13 CVE-2021-1888 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2021-07-13 CVE-2021-1889 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2021-07-13 CVE-2021-1890 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Improper length check of public exponent in RSA import key function could cause memory corruption.

7.8
2021-07-13 CVE-2021-1940 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2021-07-12 CVE-2020-7872 Hmtalk Integer Overflow or Wraparound vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7

DaviewIndy v8.98.7.0 and earlier versions have an Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy.

7.8
2021-07-12 CVE-2021-26089 Fortinet Link Following vulnerability in Fortinet Forticlient

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.

7.8
2021-07-12 CVE-2021-22921 Nodejs
Siemens
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.

7.8
2021-07-16 CVE-2021-1422 Cisco Reachable Assertion vulnerability in Cisco products

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition.

7.7
2021-07-18 CVE-2021-36773 Sciruby
Ublockorigin
Umatrix Project
Debian
Uncontrolled Recursion vulnerability in multiple products

uBlock Origin before 1.36.2 and uMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

7.5
2021-07-17 CVE-2021-32574 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name.

7.5
2021-07-17 CVE-2021-36213 Hashicorp Unspecified vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic.

7.5
2021-07-16 CVE-2021-32769 Objectcomputing Path Traversal vulnerability in Objectcomputing Micronaut

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications.

7.5
2021-07-16 CVE-2021-3649 Chatwoot Unspecified vulnerability in Chatwoot

chatwoot is vulnerable to Inefficient Regular Expression Complexity

7.5
2021-07-16 CVE-2021-21817 Dlink Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

7.5
2021-07-16 CVE-2021-21818 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

7.5
2021-07-15 CVE-2021-0281 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), receipt of a specific packet from the RPKI cache server may cause the routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition.

7.5
2021-07-15 CVE-2021-32770 Gatsbyjs Insufficiently Protected Credentials vulnerability in Gatsbyjs Gatsby-Source-Wordpress

Gatsby is a framework for building websites.

7.5
2021-07-15 CVE-2021-20497 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2021-07-15 CVE-2020-12733 Depstech Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware

Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account.

7.5
2021-07-15 CVE-2021-20439 IBM Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

7.5
2021-07-15 CVE-2021-29725 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM products

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

7.5
2021-07-15 CVE-2020-12731 Magicsmotion Cleartext Storage of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.

7.5
2021-07-15 CVE-2021-34691 Idrive Unspecified vulnerability in Idrive Remotepc

iDrive RemotePC before 4.0.1 on Linux allows denial of service.

7.5
2021-07-15 CVE-2020-36420 Polipo Project Reachable Assertion vulnerability in Polipo Project Polipo

Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header.

7.5
2021-07-14 CVE-2021-34173 Espressif Unspecified vulnerability in Espressif Esp32 Firmware 4.2

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame.

7.5
2021-07-14 CVE-2020-29147 Wayang CMS Project SQL Injection vulnerability in Wayang-Cms Project Wayang-Cms 1.0

A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.

7.5
2021-07-14 CVE-2021-23407 Elfinder NET Core Project Path Traversal vulnerability in Elfinder.Net.Core Project Elfinder.Net.Core

This affects the package elFinder.Net.Core from 0 and before 1.2.4.

7.5
2021-07-14 CVE-2021-36716 Segment Resource Exhaustion vulnerability in Segment Is-Email

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js.

7.5
2021-07-14 CVE-2021-0596 Google Out-of-bounds Read vulnerability in Google Android

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check.

7.5
2021-07-14 CVE-2021-35527 Hitachienergy Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.

7.5
2021-07-14 CVE-2021-33670 SAP Unspecified vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

7.5
2021-07-14 CVE-2021-33677 SAP Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

7.5
2021-07-14 CVE-2021-20748 Retty Use of Hard-coded Credentials vulnerability in Retty

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service.

7.5
2021-07-13 CVE-2021-21995 Vmware Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi

OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue.

7.5
2021-07-13 CVE-2021-20360 IBM Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2021-07-13 CVE-2021-20422 IBM Unspecified vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory.

7.5
2021-07-13 CVE-2020-22876 Quickjs Project Classic Buffer Overflow vulnerability in Quickjs Project Quickjs

Buffer overflow vulnerability in quickjs.c in QuickJS allows remote attackers to cause a denial of service.

7.5
2021-07-13 CVE-2020-22882 Moddable Type Confusion vulnerability in Moddable Os180328/Os180329

An issue was discovered in the fxParserTree function in moddable that allows attackers to cause a denial of service via a crafted payload.

7.5
2021-07-13 CVE-2020-22885 Artifex Classic Buffer Overflow vulnerability in Artifex Mujs

Buffer overflow vulnerability in mujs before 1.0.8, due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.

7.5
2021-07-13 CVE-2020-22886 Artifex Classic Buffer Overflow vulnerability in Artifex Mujs

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8 allows remote attackers to cause a denial of service.

7.5
2021-07-13 CVE-2020-22907 Jsish Out-of-bounds Write vulnerability in Jsish

Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18 allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.

7.5
2021-07-13 CVE-2020-28400 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens products

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition.

7.5
2021-07-13 CVE-2021-35515 Apache
Netapp
Oracle
Infinite Loop vulnerability in multiple products

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.

7.5
2021-07-13 CVE-2021-35516 Apache
Netapp
Oracle
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.

7.5
2021-07-13 CVE-2021-35517 Apache
Netapp
Oracle
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.

7.5
2021-07-13 CVE-2021-36090 Apache
Oracle
Netapp

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.

7.5
2021-07-13 CVE-2021-1887 Qualcomm Reachable Assertion vulnerability in Qualcomm products

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1907 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.5
2021-07-13 CVE-2021-1938 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1943 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1945 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1953 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1954 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1955 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2021-07-13 CVE-2021-1964 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.5
2021-07-13 CVE-2021-1970 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.5
2021-07-12 CVE-2021-32727 Nextcloud Improper Certificate Validation vulnerability in Nextcloud

Nextcloud Android Client is the Android client for Nextcloud.

7.5
2021-07-12 CVE-2020-23079 Halo Server-Side Request Forgery (SSRF) vulnerability in Halo

SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.

7.5
2021-07-12 CVE-2021-29794 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2021-07-12 CVE-2021-32705 Nextcloud
Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

7.5
2021-07-12 CVE-2021-30639 Apache
Mcafee
Oracle
Improper Handling of Exceptional Conditions vulnerability in multiple products

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.

7.5
2021-07-12 CVE-2021-33807 Gespage Path Traversal vulnerability in Gespage

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.

7.5
2021-07-12 CVE-2021-26090 Fortinet Memory Leak vulnerability in Fortinet Fortimail

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

7.5
2021-07-12 CVE-2021-36377 Fossil SCM
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.

7.5
2021-07-12 CVE-2021-27293 Restsharp Incorrect Comparison vulnerability in Restsharp

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes.

7.5
2021-07-13 CVE-2021-31892 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions).

7.4
2021-07-12 CVE-2021-3547 Openvpn Improper Certificate Validation vulnerability in Openvpn 3.6/3.6.1

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

7.4
2021-07-14 CVE-2021-0441 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI.

7.3
2021-07-13 CVE-2021-31225 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.

7.3
2021-07-16 CVE-2021-21819 Dlink OS Command Injection vulnerability in Dlink Dir-3040 Firmware 1.13B03

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03.

7.2
2021-07-15 CVE-2021-20533 IBM Unspecified vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

7.2
2021-07-14 CVE-2021-33676 SAP Missing Authorization vulnerability in SAP Customer Relationship Management

A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.

7.2
2021-07-12 CVE-2021-29792 IBM Improper Privilege Management vulnerability in IBM Event Streams

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user with the CA private key to create their own certificates and deploy them in the cluster and gain the privileges of another user.

7.2
2021-07-12 CVE-2020-21131 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.

7.2
2021-07-14 CVE-2021-22778 Schneider Electric Unspecified vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

7.1
2021-07-14 CVE-2021-22780 Schneider Electric Unspecified vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources.

7.1
2021-07-13 CVE-2021-20593 Mitsubishi Improper Authentication vulnerability in Mitsubishi products

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver.

7.1

201 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-16 CVE-2021-3614 Lenovo Unspecified vulnerability in Lenovo products

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

6.8
2021-07-15 CVE-2021-29699 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user.

6.8
2021-07-14 CVE-2019-11098 Tianocore Improper Input Validation vulnerability in Tianocore EDK II

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

6.8
2021-07-16 CVE-2021-3452 Lenovo Unspecified vulnerability in Lenovo Bios

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

6.7
2021-07-15 CVE-2021-35056 Unisys Unquoted Search Path or Element vulnerability in Unisys Stealth

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task.

6.7
2021-07-15 CVE-2020-25593 Acronis Incorrect Default Permissions vulnerability in Acronis True Image

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

6.7
2021-07-14 CVE-2021-0144 Intel Insecure Default Initialization of Resource vulnerability in Intel products

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

6.7
2021-07-14 CVE-2021-0585 Google Out-of-bounds Write vulnerability in Google Android

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation.

6.7
2021-07-13 CVE-2021-35957 Stormshield Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

6.7
2021-07-13 CVE-2021-1931 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

6.7
2021-07-12 CVE-2021-21589 Dell Unspecified vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization.

6.7
2021-07-12 CVE-2021-21590 Dell Insufficiently Protected Credentials vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability.

6.7
2021-07-12 CVE-2021-21591 Dell Insufficiently Protected Credentials vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability.

6.7
2021-07-16 CVE-2020-4675 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6

IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5
2021-07-16 CVE-2020-4980 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest.

6.5
2021-07-15 CVE-2020-23705 Rockcarry Classic Buffer Overflow vulnerability in Rockcarry Ffjpeg

A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

6.5
2021-07-15 CVE-2020-23706 OK File Formats Project Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() at ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

6.5
2021-07-15 CVE-2020-23707 OK File Formats Project Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

6.5
2021-07-15 CVE-2021-0291 Juniper Information Exposure vulnerability in Juniper Junos 15.1/17.3/17.4

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource.

6.5
2021-07-15 CVE-2021-0292 Juniper Resource Exhaustion vulnerability in Juniper Junos OS Evolved 19.4/20.1/20.2

An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition.

6.5
2021-07-15 CVE-2021-20537 IBM Use of Hard-coded Credentials vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

6.5
2021-07-15 CVE-2021-21586 Dell Path Traversal vulnerability in Dell Wyse Management Suite

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability.

6.5
2021-07-15 CVE-2020-12732 Depstech Insecure Default Initialization of Resource vulnerability in Depstech Wifi Digital Microscope 3 Firmware

DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.

6.5
2021-07-15 CVE-2021-27847 Libvips Divide By Zero vulnerability in Libvips 8.10.5

Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.

6.5
2021-07-15 CVE-2021-34558 Golang
Fedoraproject
Netapp
Oracle
Improper Certificate Validation vulnerability in multiple products

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

6.5
2021-07-14 CVE-2021-22867 Github Path Traversal vulnerability in Github Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site.

6.5
2021-07-14 CVE-2020-18151 Thinkcmf Cross-Site Request Forgery (CSRF) vulnerability in Thinkcmf 5.1.0

Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

6.5
2021-07-14 CVE-2021-36740 Varnish Cache
Varnish Cache Project
Varnish Software
Fedoraproject
Debian
HTTP Request Smuggling vulnerability in multiple products

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.

6.5
2021-07-14 CVE-2020-27379 Bookingcore Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0

Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0.

6.5
2021-07-14 CVE-2020-20231 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process.

6.5
2021-07-14 CVE-2021-33211 Element IT Path Traversal vulnerability in Element-It Http Commander 5.3.3

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.

6.5
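The two path traversal listings above (an absolute path accepted by Wyse Management Suite, CVE-2021-21586, and relative paths taken from ZIP entry names by the HTTP Commander Unzip feature, CVE-2021-33211) are the same containment failure seen from two sides. The following is an added example, not vendor code from either product: one check that maps a user-controlled name onto a base directory and refuses absolute paths, drive prefixes, '..' components and symlink escapes, applied both to a single file name and to every entry of an uploaded archive before anything is written. The sample archive is constructed inline for the demo.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Dict, List, Tuple

# Added example, not vendor code. One containment check that covers both bug
# classes listed above: an absolute path supplied by the user (CVE-2021-21586)
# and a relative '../' path read from a ZIP entry name (CVE-2021-33211).


def resolve_inside(base_dir: str, user_path: str) -> Path:
    """Map user_path onto a location under base_dir, or raise ValueError.

    Rejects POSIX absolute paths, Windows drive and UNC prefixes, and any
    '..' component, then resolves the result and confirms it is still under
    base_dir (this last step catches an existing symlink that points out).
    """
    base = Path(base_dir).resolve()
    norm = user_path.replace("\\", "/")
    if PurePosixPath(norm).is_absolute() or PureWindowsPath(norm).drive:
        raise ValueError("absolute path")
    parts = PurePosixPath(norm).parts
    if ".." in parts:
        raise ValueError("parent directory reference")
    target = base.joinpath(*parts).resolve()
    if target != base and base not in target.parents:
        raise ValueError("escapes base directory")
    return target


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_inside for callers that only need a verdict."""
    try:
        resolve_inside(base_dir, user_path)
        return True
    except ValueError:
        return False


def check_archive(zip_bytes: bytes, dest_dir: str) -> Dict[str, str]:
    """Dry run: map every entry name to 'ok' or 'rejected: <reason>'."""
    verdicts: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                resolve_inside(dest_dir, info.filename)
                verdicts[info.filename] = "ok"
            except ValueError as exc:
                verdicts[info.filename] = f"rejected: {exc}"
    return verdicts


def safe_extract(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Validate every entry before writing anything; one bad entry aborts the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = [(info, resolve_inside(dest_dir, info.filename)) for info in zf.infolist()]
        written: List[str] = []
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written


def build_constructed_archive(include_traversal: bool) -> bytes:
    """Constructed sample archive (not a real upload): one benign entry, plus
    two traversal attempts when include_traversal is set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello\n")
        if include_traversal:
            zf.writestr("../../outside.txt", "relative traversal\n")
            zf.writestr("/etc/outside.txt", "absolute path\n")
    return buf.getvalue()


def demo() -> Tuple[Dict[str, str], bool, List[str]]:
    """Run both archives through the checks inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as dest:
        verdicts = check_archive(build_constructed_archive(True), dest)
        try:
            safe_extract(build_constructed_archive(True), dest)
            aborted = False
        except ValueError:
            aborted = True
        extracted = safe_extract(build_constructed_archive(False), dest)
    return verdicts, aborted, extracted


if __name__ == "__main__":
    for entry, verdict in demo()[0].items():
        print(f"{entry:20s} {verdict}")
```

The check matters wherever code computes the output path itself from a name it did not create (a form field, an archive entry, a download parameter). Validating the whole archive before the first write keeps a rejected entry from leaving a half-extracted upload behind.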
2021-07-14 CVE-2021-33213 Element IT Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.

6.5
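For the "Upload from URL" SSRF above (CVE-2021-33213), the check a practitioner wants is made before the server opens any connection. The block below is an added example, not HTTP Commander code: it allows only http and https (so the FTP case in the listing is refused by scheme), resolves the host, and rejects the request if any resolved address is loopback, private, link-local or otherwise internal, including IPv4-mapped IPv6 forms. The DNS table and the resolver that reads it are constructed for the demo; the system resolver is used when none is supplied.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Added example, not HTTP Commander code. A pre-fetch check for a user-supplied
# URL: allow only http/https, resolve the host, and refuse if any resolved
# address is internal. Connect to the returned addresses, not to the hostname
# again, so a second DNS answer (rebinding) cannot swap in an internal target.

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table standing in for the resolver during the demo.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "files.example.net": ["93.184.216.34"],
    "metadata.attacker.test": ["169.254.169.254"],
    "localhost": ["127.0.0.1"],
}


def constructed_resolve(host: str) -> List[str]:
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return CONSTRUCTED_DNS[host]


def system_resolve(host: str) -> List[str]:
    """All A/AAAA answers for host via the system resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def is_internal_address(text: str) -> bool:
    """True for any address the fetcher must never reach on behalf of a user."""
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 is really 10.0.0.5
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_fetch_target(url: str,
                       resolve: Callable[[str], List[str]] = system_resolve
                       ) -> Tuple[bool, str, List[str]]:
    """Return (allowed, reason, pinned_addresses) for a URL the server would fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '(none)'}", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL", []
    host = parts.hostname
    if not host:
        return False, "no host", []
    try:
        candidates = [str(ipaddress.ip_address(host))]  # literal IP, nothing to resolve
    except ValueError:
        try:
            candidates = resolve(host)
        except OSError as exc:  # socket.gaierror is an OSError
            return False, f"unresolvable host: {exc}", []
    for cand in candidates:
        if is_internal_address(cand):
            return False, f"resolves to internal address {cand}", []
    return True, "ok", candidates


if __name__ == "__main__":
    for url in ("http://files.example.net/report.pdf",
                "ftp://files.example.net/report.pdf",
                "http://metadata.attacker.test/latest/meta-data/",
                "http://[::ffff:10.0.0.5]/"):
        print(url, check_fetch_target(url, constructed_resolve)[:2])
```

Two caveats the code only partly covers: the fetcher must connect to the pinned addresses (and refuse to follow redirects without re-running the check on the new target), and unusual host spellings such as decimal or octal IPv4 literals are only caught because they go through the resolver and come back as an address.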
2021-07-14 CVE-2021-33678 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.

6.5
2021-07-14 CVE-2021-33680 SAP Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes a buffer overflow and crashes the application, leaving it temporarily unavailable until the user restarts it.

6.5
2021-07-14 CVE-2021-33681 SAP Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes an out-of-bounds write and crashes the application, leaving it temporarily unavailable until the user restarts it.

6.5
2021-07-13 CVE-2020-19716 Exiv2
Debian
Classic Buffer Overflow vulnerability in multiple products

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19717 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19718 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19719 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19720 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19721 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1628

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).

6.5
2021-07-13 CVE-2020-19722 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).

6.5
2021-07-13 CVE-2020-20252 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process.

6.5
2021-07-13 CVE-2021-36123 Echobh Unspecified vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

6.5
2021-07-13 CVE-2020-20250 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process.

6.5
2021-07-12 CVE-2021-32747 Icinga Information Exposure vulnerability in Icinga

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface.

6.5
2021-07-12 CVE-2021-32689 Nextcloud Unspecified vulnerability in Nextcloud Talk

Nextcloud Talk is a fully on-premises audio/video and chat communication service.

6.5
2021-07-12 CVE-2021-30640 Apache
Oracle
Debian
Improper Encoding or Escaping of Output vulnerability in multiple products

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.

6.5
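The Tomcat JNDI Realm entry above (CVE-2021-30640) describes two symptoms, user-name variants that still authenticate and a weakened LockOut Realm, that share one root: parameters placed into an LDAP search filter without escaping. The following is an added example, not Tomcat code, showing the RFC 4515 escaping step, a toy directory and filter evaluator built for the demo to make the effect visible, and why a lockout counter keyed on the submitted string (rather than on the account the directory actually returned) is defeated by those same variants.

```python
import re
from typing import Dict, List

# Added example, not Tomcat code. The listing above describes an LDAP-backed
# realm accepting variations of a valid user name; the classic cause is a
# search filter assembled by string concatenation without RFC 4515 escaping.
# The directory, the filter evaluator and the lockout counter are toys built
# for this demo; only escape_filter_value() is the production-relevant part.

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515, section 3)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(username: str, escape: bool) -> str:
    """The realm's user lookup filter, with or without the escaping step."""
    return f"(uid={escape_filter_value(username) if escape else username})"


def _assertion_to_regex(assertion: str) -> "re.Pattern[str]":
    """Toy LDAP matcher: '*' is a wildcard, '\\xx' an escaped byte, rest literal."""
    out: List[str] = []
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion):
            out.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def search(directory: List[str], ldap_filter: str) -> List[str]:
    """Evaluate a single (uid=...) equality filter against a list of uids."""
    m = re.fullmatch(r"\(uid=([^()]*)\)", ldap_filter)
    if m is None:
        raise ValueError(f"not a single equality assertion: {ldap_filter}")
    rx = _assertion_to_regex(m.group(1))
    return [uid for uid in directory if rx.match(uid)]


class LockoutCounter:
    """Counts failures per key and reports when the key has reached the limit."""

    def __init__(self, limit: int = 3) -> None:
        self.limit = limit
        self.failures: Dict[str, int] = {}

    def record_failure(self, key: str) -> bool:
        self.failures[key] = self.failures.get(key, 0) + 1
        return self.failures[key] >= self.limit


DIRECTORY = ["alice", "alice2", "bob"]  # constructed toy directory


def demo() -> Dict[str, object]:
    unsafe_hits = search(DIRECTORY, build_filter("alice*", escape=False))
    safe_hits = search(DIRECTORY, build_filter("alice*", escape=True))
    # Lockout bypass: three spellings that all select 'alice' through the
    # unescaped filter. A counter keyed on the submitted string sees three
    # different users; one keyed on the uid the directory returned sees one.
    by_raw, by_uid = LockoutCounter(3), LockoutCounter(3)
    locked_raw = locked_uid = False
    for attempt in ("alice", "*lice", "al*e"):
        hits = search(DIRECTORY, build_filter(attempt, escape=False))
        locked_raw = by_raw.record_failure(attempt) or locked_raw
        if len(hits) == 1:
            locked_uid = by_uid.record_failure(hits[0]) or locked_uid
    return {
        "unsafe_hits": unsafe_hits,
        "safe_hits": safe_hits,
        "locked_by_raw_name": locked_raw,
        "locked_by_uid": locked_uid,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real deployment the escaping belongs to the LDAP client library (most expose a filter-escape helper); the point of the toy evaluator is only to show that an unescaped `*` turns an equality lookup into a wildcard search, which is exactly what lets "variations of a valid user name" authenticate and lets each variation start a fresh failure count.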
2021-07-12 CVE-2021-24013 Fortinet Path Traversal vulnerability in Fortinet Fortimail

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

6.5
2021-07-12 CVE-2021-30129 Apache
Oracle
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.

6.5
2021-07-12 CVE-2021-22515 Microfocus Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

6.5
2021-07-12 CVE-2021-22917 Brave Unspecified vulnerability in Brave Browser

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

6.5
2021-07-17 CVE-2021-36771 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.

6.1
2021-07-17 CVE-2021-36772 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.

6.1
2021-07-16 CVE-2021-21799 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

6.1
2021-07-16 CVE-2021-21800 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

6.1
2021-07-16 CVE-2021-21801 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

6.1
2021-07-16 CVE-2021-21802 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

6.1
2021-07-16 CVE-2021-21803 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

6.1
2021-07-16 CVE-2021-3647 URI JS Project Open Redirect vulnerability in Uri.Js Project Uri.Js

URI.js is vulnerable to URL Redirection to Untrusted Site.

6.1
2021-07-16 CVE-2021-36755 CGM Remote Monitor Project Cross-site Scripting vulnerability in Cgm-Remote-Monitor Project Cgm-Remote-Monitor 14.2.2

Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header.

6.1
2021-07-14 CVE-2020-18145 Baidu Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3

Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.

6.1
2021-07-14 CVE-2020-29146 Wayang CMS Project Cross-site Scripting vulnerability in Wayang-Cms Project Wayang-Cms 1.0

A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header.

6.1
2021-07-14 CVE-2021-20784 Voidtools Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Voidtools Everything

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.

6.1
2021-07-13 CVE-2021-36214 Linecorp Cross-site Scripting vulnerability in Linecorp Line

LINE client for iOS before 10.16.3 allows cross-site scripting via a specific header in WebView.

6.1
2021-07-13 CVE-2020-26153 Eventespresso Cross-site Scripting vulnerability in Eventespresso Event Espresso

A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.1
2021-07-13 CVE-2021-33710 Siemens Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

6.1
2021-07-12 CVE-2021-32733 Nextcloud Cross-site Scripting vulnerability in Nextcloud Server

Nextcloud Text is a collaborative document editing application that uses Markdown.

6.1
2021-07-12 CVE-2021-24409 Plugin Planet Unspecified vulnerability in Plugin-Planet Prismatic

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator.

6.1
2021-07-12 CVE-2021-24429 Salonbookingsystem Unspecified vulnerability in Salonbookingsystem Salon Booking System

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability.

6.1
2021-07-12 CVE-2021-24434 Codeblab Cross-site Scripting vulnerability in Codeblab Glass

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue.

6.1
2021-07-12 CVE-2021-24454 YOP Poll Unspecified vulnerability in Yop-Poll YOP Poll

In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page.

6.1
2021-07-12 CVE-2020-18979 Halo Cross-site Scripting vulnerability in Halo 0.4.3

Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-Forwarded-For header parameter.

6.1
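Three listings in this report (Nightscout, CVE-2021-36755; Wayang-CMS, CVE-2020-29146; Halo, CVE-2020-18979) are the same bug: the X-Forwarded-For header is echoed into a page as if it were a trustworthy client address. The block below is an added example, not code from any of those projects. It shows the vulnerable pattern next to a hardened one that validates the header as a chain of IP addresses, accepts it only from a trusted proxy, and still escapes at the HTML boundary. The trusted-proxy range and the sample requests are assumptions constructed for the demo.

```python
import html
import ipaddress
from typing import Dict, List, Optional

# Added example, not code from any of the projects listed. X-Forwarded-For is
# set by whoever sends the request unless a proxy the app trusts rewrites it,
# so the header is attacker-controlled text: validate it as addresses before
# it is logged or shown, and escape anything that reaches HTML. The proxy
# range below is an assumed deployment detail.

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, xff_header: Optional[str]) -> str:
    """Pick the client address the application should record.

    Only a peer that is itself a trusted proxy may vouch for a forwarded
    chain. The chain is walked from the right, skipping trusted proxy hops;
    the first other address is the client. Anything that does not parse as
    an IP address ends the walk and the peer address is used instead, so a
    script payload can never become the "client IP".
    """
    peer = ipaddress.ip_address(remote_addr)
    if not xff_header or not _is_trusted_proxy(peer):
        return str(peer)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)
        if not _is_trusted_proxy(addr):
            return str(addr)
    return str(peer)


def render_status_vulnerable(headers: Dict[str, str]) -> str:
    """The pattern behind the three listings: header text dropped straight into HTML."""
    return f"<p>Your address: {headers.get('X-Forwarded-For', '')}</p>"


def render_status(remote_addr: str, headers: Dict[str, str]) -> str:
    """Hardened form: validated address, and escaped anyway at the output boundary."""
    ip = client_ip(remote_addr, headers.get("X-Forwarded-For"))
    return f"<p>Your address: {html.escape(ip)}</p>"


# Constructed requests for the demo: (peer address seen by the app, header value).
PAYLOAD = "<script>alert(document.cookie)</script>"
SAMPLES = [
    ("10.0.0.5", "203.0.113.7"),                # normal: client via our proxy
    ("10.0.0.5", "1.2.3.4, 203.0.113.7"),       # client pre-filled a fake hop
    ("10.0.0.5", "203.0.113.7, 10.0.0.9"),      # two trusted proxies in the path
    ("10.0.0.5", PAYLOAD),                      # XSS attempt through the proxy
    ("198.51.100.2", "203.0.113.7"),            # direct hit, header is noise
]


def demo() -> List[str]:
    return [client_ip(peer, xff) for peer, xff in SAMPLES]


if __name__ == "__main__":
    for (peer, xff), chosen in zip(SAMPLES, demo()):
        print(f"{peer:14s} XFF={xff!r:45s} -> {chosen}")
    print(render_status_vulnerable({"X-Forwarded-For": PAYLOAD}))
    print(render_status("10.0.0.5", {"X-Forwarded-For": PAYLOAD}))
```

Walking the chain from the right is what makes the second sample safe: a client can prepend any number of fake hops, but it cannot change what the trusted proxy appends after them.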
2021-07-12 CVE-2021-35037 Jamf Open Redirect vulnerability in Jamf

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises.

6.1
2021-07-13 CVE-2021-20369 IBM Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.9
2021-07-12 CVE-2021-22916 Brave Unspecified vulnerability in Brave

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

5.9
2021-07-13 CVE-2021-31810 Ruby Lang
Debian
Oracle

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.

5.8
2021-07-15 CVE-2021-32750 Muwire Project Cross-site Scripting vulnerability in Muwire Project Muwire

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology.

5.7
2021-07-13 CVE-2021-31221 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.

5.7
2021-07-13 CVE-2021-31222 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.

5.7
2021-07-13 CVE-2021-31223 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.

5.7
2021-07-15 CVE-2021-0279 Juniper Use of Hard-coded Credentials vulnerability in Juniper Contrail Cloud

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have the RabbitMQ service enabled by default with hard-coded credentials.

5.5
2021-07-15 CVE-2021-27845 Jasper Project Divide By Zero vulnerability in Jasper Project Jasper

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c

5.5
2021-07-15 CVE-2021-34689 Idrive Information Exposure Through Log Files vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

5.5
2021-07-14 CVE-2021-22781 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of the SMTP credential used for mailbox authentication when an attacker can access a project file.

5.5
2021-07-14 CVE-2021-22782 Schneider Electric Unspecified vulnerability in Schneider-Electric products

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.

5.5
2021-07-14 CVE-2021-0518 Google Missing Authorization vulnerability in Google Android 13.0

In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check.

5.5
2021-07-14 CVE-2021-0588 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 8.1/9.0

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check.

5.5
2021-07-14 CVE-2021-0597 Google Missing Authorization vulnerability in Google Android

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check.

5.5
2021-07-14 CVE-2021-0599 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy.

5.5
2021-07-14 CVE-2021-0601 Google Double Free vulnerability in Google Android

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free.

5.5
2021-07-14 CVE-2021-0604 Google Unspecified vulnerability in Google Android

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy.

5.5
2021-07-14 CVE-2021-0654 Google Missing Authorization vulnerability in Google Android

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check.

5.5
2021-07-14 CVE-2021-22318 Huawei NULL Pointer Dereference vulnerability in Huawei Harmonyos 2.0

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability.

5.5
2021-07-14 CVE-2021-36373 Apache
Oracle

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.

5.5
2021-07-14 CVE-2021-36374 Apache
Oracle

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.

5.5
2021-07-13 CVE-2021-22399 Huawei Unspecified vulnerability in Huawei P30 Firmware

The Bluetooth function of some Huawei smartphones has a DoS vulnerability.

5.5
2021-07-13 CVE-2021-33713 Siemens Unspecified vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

5.5
2021-07-13 CVE-2021-33714 Siemens Unspecified vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

5.5
2021-07-13 CVE-2021-33715 Siemens NULL Pointer Dereference vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

5.5
2021-07-13 CVE-2021-34299 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34302 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34303 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34304 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34307 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34308 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34320 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34321 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34322 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34325 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34332 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-13 CVE-2021-34333 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

5.5
2021-07-16 CVE-2021-28054 Centreon Cross-site Scripting vulnerability in Centreon 20.10.0

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.

5.4
2021-07-16 CVE-2021-28114 Froala Cross-site Scripting vulnerability in Froala Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.

5.4
2021-07-16 CVE-2021-36758 1Password Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1

1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation.

5.4
2021-07-15 CVE-2021-32764 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open-source discussion platform.

5.4
2021-07-15 CVE-2021-29749 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM products

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF).

5.4
2021-07-14 CVE-2020-25444 Bookingcore Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0

Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy" field under the "Hotel Details" page, (3) "Pricing code" and "name" fields under the "Manage Tour" page, and (4) all the labels under the "Menu" section.

5.4
2021-07-14 CVE-2021-33212 Element IT Cross-site Scripting vulnerability in Element-It Http Commander 5.3.3

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.

5.4
2021-07-14 CVE-2021-33682 SAP Cross-site Scripting vulnerability in SAP Lumira Server 2.4

SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

5.4
2021-07-13 CVE-2021-20361 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20362 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20363 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20364 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20365 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20366 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-13 CVE-2021-20368 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

5.4
2021-07-12 CVE-2021-24365 Admincolumns Unspecified vulnerability in Admincolumns Admin Columns

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables.

5.4
2021-07-12 CVE-2021-24408 Plugin Planet Unspecified vulnerability in Plugin-Planet Prismatic

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site Scripting payloads in them.

5.4
2021-07-12 CVE-2021-24420 Emarketdesign Unspecified vulnerability in Emarketdesign Request a Quote

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site Scripting issues when the quote is output in the "All Quotes" table.

5.4
2021-07-12 CVE-2021-24421 Eyecix Unspecified vulnerability in Eyecix Jobsearch WP JOB Board

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue.

5.4
2021-07-12 CVE-2021-24424 Webfactoryltd Cross-site Scripting vulnerability in Webfactoryltd WP Reset

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

5.4
2021-07-12 CVE-2021-24439 Prothemedesign Unspecified vulnerability in Prothemedesign Browser Screenshots

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.

5.4
2021-07-12 CVE-2020-18982 Halo Cross-site Scripting vulnerability in Halo 0.4.3

Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.

5.4
2021-07-12 CVE-2020-19201 Netgate Cross-site Scripting vulnerability in Netgate Pfsense

A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier.

5.4
2021-07-12 CVE-2020-19203 Netgate Cross-site Scripting vulnerability in Netgate Pfsense

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier.

5.4
2021-07-12 CVE-2020-19204 Ipfire Cross-site Scripting vulnerability in Ipfire 2.21

An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter.

5.4
2021-07-12 CVE-2021-29803 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

5.4
2021-07-12 CVE-2021-29804 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

5.4
2021-07-12 CVE-2021-29805 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

5.4
2021-07-12 CVE-2021-29822 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting.

5.4
2021-07-17 CVE-2021-36769 Telegram Unspecified vulnerability in Telegram and Telegram Desktop

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8.

5.3
2021-07-15 CVE-2021-0289 Juniper Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer.

5.3
2021-07-15 CVE-2021-20498 IBM Information Exposure vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system.

5.3
2021-07-15 CVE-2021-34429 Eclipse, Netapp, Oracle

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.

5.3
2021-07-15 CVE-2020-12730 Magicsmotion Cleartext Transmission of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.

5.3
2021-07-15 CVE-2021-34687 Idrive Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

5.3
2021-07-14 CVE-2021-33684 SAP Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type, thereby crashing the corresponding work process because of a memory corruption vulnerability.

5.3
2021-07-13 CVE-2021-33711 Siemens Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

5.3
2021-07-13 CVE-2021-33718 Siemens Unspecified vulnerability in Siemens Mendix 7.0.0/8.0.0/9.0.0

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0).

5.3
2021-07-12 CVE-2021-32746 Icinga Path Traversal vulnerability in Icinga

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface.

5.3
2021-07-12 CVE-2021-32754 Flowdroid Project XXE vulnerability in Flowdroid Project Flowdroid

FlowDroid is a data flow analysis tool.

5.3
2021-07-12 CVE-2021-32734 Nextcloud Information Exposure Through an Error Message vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.3
2021-07-12 CVE-2021-32741 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.3
2021-07-12 CVE-2021-32725 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.3
2021-07-12 CVE-2020-19037 Halo Improper Authentication vulnerability in Halo 0.4.3

Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies.

5.3
2021-07-12 CVE-2021-32703 Nextcloud, Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

5.3
2021-07-12 CVE-2021-36381 Edifecs Injection vulnerability in Edifecs Transaction Management 20210712

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.

5.3
2021-07-12 CVE-2021-33037 Apache, Debian, Oracle, Mcafee HTTP Request Smuggling vulnerability in multiple products

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy.

5.3
2021-07-12 CVE-2021-32678 Nextcloud, Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

5.3
2021-07-12 CVE-2021-22918 Nodejs, Siemens Out-of-bounds Read vulnerability in multiple products

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII.

5.3
2021-07-13 CVE-2021-31220 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.

5.2
2021-07-15 CVE-2021-20496 IBM Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation.

4.9
2021-07-15 CVE-2021-20511 IBM Path Traversal vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system.

4.9
2021-07-14 CVE-2021-24117 Apache Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.9
2021-07-14 CVE-2021-24116 Wolfssl Information Exposure Through Discrepancy vulnerability in Wolfssl

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.9
2021-07-14 CVE-2021-24119 ARM, Fedoraproject, Debian Information Exposure Through Discrepancy vulnerability in multiple products

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.9
2021-07-14 CVE-2021-33687 SAP Information Exposure vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, reveals sensitive information in one of its HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information.

4.9
2021-07-12 CVE-2021-20414 IBM Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions.

4.9
2021-07-12 CVE-2021-26099 Fortinet Unspecified vulnerability in Fortinet Fortimail

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.

4.9
2021-07-15 CVE-2021-20524 IBM Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting.

4.8
2021-07-15 CVE-2021-3043 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.

4.8
2021-07-12 CVE-2021-24418 Smooth Scroll Page UP Down Buttons Project Unspecified vulnerability in Smooth Scroll Page Up/Down Buttons Project Smooth Scroll Page Up/Down Buttons

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog.

4.8
2021-07-12 CVE-2021-24419 WP Youtube Lyte Project Unspecified vulnerability in WP Youtube Lyte Project WP Youtube Lyte

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.

4.8
2021-07-12 CVE-2021-24426 WEB Dorado Unspecified vulnerability in Web-Dorado Backup-Wd

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue.

4.8
2021-07-12 CVE-2021-24427 Boldgrid Cross-site Scripting vulnerability in Boldgrid W3 Total Cache

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue.

4.8
2021-07-12 CVE-2021-24440 Fetchdesigns Unspecified vulnerability in Fetchdesigns Sign-Up Sheets

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue.

4.8
2021-07-16 CVE-2021-3453 Lenovo Unspecified vulnerability in Lenovo products

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

4.6
2021-07-15 CVE-2020-12729 Magicsmotion Unspecified vulnerability in Magicsmotion Flamingo 2 Firmware

MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.

4.6
2021-07-14 CVE-2021-34174 Broadcom Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware

A vulnerability exists in Broadcom BCM4352 and BCM43684 chips.

4.6
2021-07-13 CVE-2021-22440 Huawei Path Traversal vulnerability in Huawei products

There is a path traversal vulnerability in some Huawei products.

4.6
2021-07-13 CVE-2021-1897 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

4.6
2021-07-13 CVE-2021-1898 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

4.6
2021-07-13 CVE-2021-1899 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.

4.6
2021-07-13 CVE-2021-1901 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

4.6
2021-07-15 CVE-2021-20500 IBM Unspecified vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user.

4.4
2021-07-15 CVE-2021-20510 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user.

4.4
2021-07-14 CVE-2021-0590 Google Unspecified vulnerability in Google Android

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check.

4.4
2021-07-16 CVE-2021-21816 Dlink Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03.

4.3
2021-07-14 CVE-2021-33667 SAP Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

4.3
2021-07-14 CVE-2021-33683 SAP HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process an invalid HTTP header.

4.3
2021-07-14 CVE-2021-33689 SAP Unspecified vulnerability in SAP Netweaver Application Server Java 7.50

When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created.

4.3
2021-07-14 CVE-2021-20747 Retty Missing Authorization vulnerability in Retty

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

4.3
2021-07-13 CVE-2021-32755 Wire Improper Certificate Validation vulnerability in Wire

Wire is a collaboration platform.

4.3
2021-07-13 CVE-2021-20424 IBM Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.3
2021-07-13 CVE-2021-25671 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16).

4.3
2021-07-13 CVE-2021-33709 Siemens Unspecified vulnerability in Siemens Teamcenter Active Workspace 4.3

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

4.3
2021-07-13 CVE-2021-1896 Qualcomm Cleartext Transmission of Sensitive Information vulnerability in Qualcomm products

Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity.

4.3
2021-07-12 CVE-2021-32707 Nextcloud Unspecified vulnerability in Nextcloud Mail

Nextcloud Mail is a mail app for Nextcloud.

4.3
2021-07-12 CVE-2021-21588 Dell Insufficient Verification of Data Authenticity vulnerability in Dell Powerflex Presentation Server 3.5

Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI.

4.3
2021-07-12 CVE-2021-36383 XEN Orchestra Unspecified vulnerability in Xen-Orchestra Xo-Server and Xo-Web

Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-12 CVE-2021-36382 Devolutions Insufficiently Protected Credentials vulnerability in Devolutions Server

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

3.7
2021-07-15 CVE-2021-20534 IBM Open Redirect vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

3.5
2021-07-13 CVE-2021-31224 Stormshield Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2

SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.

3.5
2021-07-15 CVE-2021-21587 Dell Information Exposure vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability.

3.3
2021-07-15 CVE-2021-34688 Idrive Use of Hard-coded Credentials vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

3.3
2021-07-12 CVE-2021-32680 Nextcloud, Fedoraproject

Nextcloud Server is a Nextcloud package that handles data storage.

3.3
2021-07-15 CVE-2021-20499 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

2.7
2021-07-15 CVE-2021-20523 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

2.7