Weekly Vulnerabilities Reports > July 12 to 18, 2021
Overview
545 new vulnerabilities were reported during this period, including 21 critical and 169 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 1805 products from 143 vendors, including Microsoft, Siemens, IBM, Google, and Qualcomm. The most frequent weakness categories are "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Classic Buffer Overflow", and "Improper Privilege Management".
- 354 reported vulnerabilities are remotely exploitable.
- 126 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 374 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 117 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
21 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-16 | CVE-2021-35961 | Secom | Use of Hard-coded Credentials vulnerability in Secom Dr.Id Access Control 3.3.2 Dr. | 10.0 |
2021-07-15 | CVE-2020-11633 | Zscaler | Out-of-bounds Write vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. | 10.0 |
2021-07-14 | CVE-2021-35211 | Solarwinds | Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. | 10.0 |
2021-07-14 | CVE-2021-0515 | Google | Out-of-bounds Write vulnerability in Google Android In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. | 10.0 |
2021-07-13 | CVE-2020-11307 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 10.0 |
2021-07-13 | CVE-2021-1965 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-07-12 | CVE-2021-35064 | Kramerav | Improper Privilege Management vulnerability in Kramerav Viaware KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. | 10.0 |
2021-07-16 | CVE-2021-34458 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019 Windows Kernel Remote Code Execution Vulnerability | 9.9 |
2021-07-15 | CVE-2021-25320 | Rancher | Unspecified vulnerability in Rancher An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. | 9.9 |
2021-07-16 | CVE-2021-21804 | Advantech | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
2021-07-14 | CVE-2020-24133 | Radare | Out-of-bounds Write vulnerability in Radare Radare2-Extras A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | 9.8 |
2021-07-14 | CVE-2021-25953 | Putil Merge Project | Unspecified vulnerability in Putil-Merge Project Putil-Merge Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 |
2021-07-13 | CVE-2021-34552 | Python Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
2021-07-12 | CVE-2021-32726 | Nextcloud | Incorrect Ownership Assignment vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 9.8 |
2021-07-13 | CVE-2021-31217 | Solarwinds | Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200 In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | 9.4 |
2021-07-14 | CVE-2021-0514 | Google | Race Condition vulnerability in Google Android In several functions of the V8 library, there is a possible use after free due to a race condition. | 9.3 |
2021-07-14 | CVE-2021-0592 | Google | Out-of-bounds Write vulnerability in Google Android In various functions in WideVine, there are possible out of bounds writes due to improper input validation. | 9.3 |
2021-07-14 | CVE-2021-34473 | Microsoft | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |
2021-07-12 | CVE-2020-19038 | Halo | Missing Authorization vulnerability in Halo 0.4.3 File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 |
2021-07-16 | CVE-2021-21819 | Dlink | OS Command Injection vulnerability in Dlink Dir-3040 Firmware 1.13B03 A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. | 9.0 |
2021-07-14 | CVE-2021-34523 | Microsoft | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.0 |
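The putil-merge entry above (CVE-2021-25953) names prototype pollution but does not show the mechanism. The following is an added example, not code from putil-merge, from this report, or from any vendor listed here: a hypothetical `unsafeMerge` with the unchecked recursive deep-merge pattern that this bug class relies on, beside a `safeMerge` that refuses the `__proto__`, `constructor` and `prototype` keys and only descends into the target's own properties. The function names and the sample JSON payload are constructed for the illustration.

```javascript
// Added illustration of the prototype-pollution bug class named in the
// CVE-2021-25953 row. unsafeMerge/safeMerge are hypothetical functions written
// for this example; they are not putil-merge's code and do not reproduce it.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: a recursive deep merge that trusts every key of the
// source object. JSON.parse creates an OWN property literally named
// "__proto__", so Object.keys() returns it; reading target["__proto__"] on a
// plain object then yields Object.prototype, and the recursion writes into it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const sv = source[key];
    if (isPlainObject(sv)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], sv);
    } else {
      target[key] = sv;
    }
  }
  return target;
}

// Hardened pattern: drop the keys that reach the prototype chain, and only
// descend into a nested object that the target itself owns (never an
// inherited one such as Object.prototype).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const sv = source[key];
    if (isPlainObject(sv)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], sv);
    } else {
      target[key] = sv;
    }
  }
  return target;
}

// Runs both merges against the same constructed attacker payload (e.g. a JSON
// request body) and reports what an unrelated object "sees" afterwards.
function demonstrate() {
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "x"}');

  const before = ({}).isAdmin;          // undefined: prototype is clean
  unsafeMerge({}, payload);
  const afterUnsafe = ({}).isAdmin;     // true: every object now inherits isAdmin
  delete Object.prototype.isAdmin;      // undo the pollution before the safe run

  const cleanTarget = safeMerge({ role: 'user' }, payload);
  const afterSafe = ({}).isAdmin;       // undefined: safeMerge never touched the prototype
  return { before, afterUnsafe, afterSafe, cleanTarget };
}

module.exports = { unsafeMerge, safeMerge, demonstrate };
```

An `isAdmin` flag is only the most readable consequence; the same write can replace `toString`, `hasOwnProperty` or any property that later code reads from the prototype chain, which is why the advisory lists denial of service and possible code execution. When reviewing a merge, extend or clone helper, check for the three forbidden keys and for an own-property check before recursing; building targets with `Object.create(null)` is a further defence because such objects have no prototype to pollute.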
169 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-16 | CVE-2021-34442 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
2021-07-16 | CVE-2021-34481 | Microsoft | Improper Privilege Management vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 8.8 |
2021-07-14 | CVE-2021-33749 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-33750 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-33752 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-33756 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-33780 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-34494 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-34508 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Remote Code Execution Vulnerability | 8.8 |
2021-07-14 | CVE-2021-34525 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
2021-07-12 | CVE-2020-19907 | Mitre | OS Command Injection vulnerability in Mitre Caldera A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | 8.8 |
2021-07-12 | CVE-2021-32688 | Nextcloud Fedoraproject | Improper Authorization vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
2021-07-12 | CVE-2021-32679 | Nextcloud Fedoraproject | Improper Encoding or Escaping of Output vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
2021-07-16 | CVE-2021-34450 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Remote Code Execution Vulnerability | 8.5 |
2021-07-13 | CVE-2021-20595 | Mitsubishi | XXE vulnerability in Mitsubishi products Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets. | 8.5 |
2021-07-15 | CVE-2021-34827 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.3 |
2021-07-15 | CVE-2021-34828 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.3 |
2021-07-15 | CVE-2021-34829 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.3 |
2021-07-15 | CVE-2021-34830 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. | 8.3 |
2021-07-14 | CVE-2021-33767 | Microsoft | Unspecified vulnerability in Microsoft Open Enclave Software Development KIT Open Enclave SDK Elevation of Privilege Vulnerability | 8.2 |
2021-07-14 | CVE-2021-34469 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Security Feature Bypass Vulnerability | 8.2 |
2021-07-16 | CVE-2021-32749 | Fail2Ban Fedoraproject | Code Injection vulnerability in multiple products fail2ban is a daemon to ban hosts that cause multiple authentication errors. | 8.1 |
2021-07-14 | CVE-2021-33779 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019 Windows AD FS Security Feature Bypass Vulnerability | 8.1 |
2021-07-14 | CVE-2021-33781 | Microsoft | Unspecified vulnerability in Microsoft products Azure AD Security Feature Bypass Vulnerability | 8.1 |
2021-07-14 | CVE-2021-33786 | Microsoft | Unspecified vulnerability in Microsoft products Windows LSA Security Feature Bypass Vulnerability | 8.1 |
2021-07-14 | CVE-2021-34492 | Microsoft | Unspecified vulnerability in Microsoft products Windows Certificate Spoofing Vulnerability | 8.1 |
2021-07-14 | CVE-2021-34520 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.1 |
2021-07-16 | CVE-2021-34446 | Microsoft | Unspecified vulnerability in Microsoft products Windows HTML Platforms Security Feature Bypass Vulnerability | 8.0 |
2021-07-14 | CVE-2021-33746 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.0 |
2021-07-14 | CVE-2021-33754 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 8.0 |
2021-07-14 | CVE-2021-33768 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.0 |
2021-07-14 | CVE-2021-34470 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.0 |
2021-07-14 | CVE-2021-34474 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2020/2021 Dynamics Business Central Remote Code Execution Vulnerability | 8.0 |
2021-07-14 | CVE-2021-0594 | Google | Injection vulnerability in Google Android In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. | 7.9 |
2021-07-16 | CVE-2021-34438 | Microsoft | Unspecified vulnerability in Microsoft products Windows Font Driver Host Remote Code Execution Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34439 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34441 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34445 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34452 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Word Microsoft Word Remote Code Execution Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34455 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows File History Service Elevation of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34456 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34459 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34460 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34461 | Microsoft | Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2021-07-16 | CVE-2021-34464 | Microsoft | Unspecified vulnerability in Microsoft Malware Protection Engine Microsoft Defender Remote Code Execution Vulnerability | 7.8 |
2021-07-15 | CVE-2021-0283 | Juniper | Classic Buffer Overflow vulnerability in Juniper Junos A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). | 7.8 |
2021-07-15 | CVE-2021-0286 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). | 7.8 |
2021-07-15 | CVE-2020-25736 | Acronis | Unspecified vulnerability in Acronis True Image 2019/2020/2021 Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |
2021-07-14 | CVE-2021-34173 | Espressif | Unspecified vulnerability in Espressif Esp32 Firmware An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. | 7.8 |
2021-07-14 | CVE-2021-31947 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-31979 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33740 | Microsoft | Unspecified vulnerability in Microsoft products Windows Media Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33743 | Microsoft | Unspecified vulnerability in Microsoft products Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33759 | Microsoft | Unspecified vulnerability in Microsoft products Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33761 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33771 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33773 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33775 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33776 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33777 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33778 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-33784 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34477 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34479 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Microsoft Visual Studio Spoofing Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34488 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Console Driver Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34489 | Microsoft | Unspecified vulnerability in Microsoft products DirectWrite Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34498 | Microsoft | Use After Free vulnerability in Microsoft products Windows GDI Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34501 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34503 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34504 | Microsoft | Unspecified vulnerability in Microsoft products Windows Address Book Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34510 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34511 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34512 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34513 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft Windows 10 and Windows Server 2016 Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34514 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34516 | Microsoft | Improper Input Validation vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34518 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office web Apps Server Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34521 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34522 | Microsoft | Unspecified vulnerability in Microsoft Malware Protection Engine Microsoft Defender Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34528 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2021-34529 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability | 7.8 |
2021-07-14 | CVE-2020-25445 | Bookingcore | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0 The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. | 7.8 |
2021-07-14 | CVE-2021-0596 | Google | Out-of-bounds Read vulnerability in Google Android In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.8 |
2021-07-13 | CVE-2021-34306 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34312 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34313 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34317 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34326 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34327 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34328 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-34329 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). | 7.8 |
2021-07-13 | CVE-2021-1940 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2021-07-16 | CVE-2021-1422 | Cisco | Reachable Assertion vulnerability in Cisco products A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. | 7.7 |
2021-07-14 | CVE-2021-33758 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Hyper-V Denial of Service Vulnerability | 7.7 |
2021-07-14 | CVE-2021-31206 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 7.6 |
2021-07-14 | CVE-2021-31984 | Microsoft | Unspecified vulnerability in Microsoft Power BI Report Server Power BI Remote Code Execution Vulnerability | 7.6 |
2021-07-18 | CVE-2021-36773 | Sciruby Ublockorigin Umatrix Project Debian | Uncontrolled Recursion vulnerability in multiple products uBlock Origin before 1.36.2 and uMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | 7.5 |
2021-07-17 | CVE-2021-33911 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 7.5 |
2021-07-17 | CVE-2021-32574 | Hashicorp | Improper Certificate Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. | 7.5 |
2021-07-16 | CVE-2021-21820 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03 A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. | 7.5 |
2021-07-15 | CVE-2021-32770 | Gatsbyjs | Insufficiently Protected Credentials vulnerability in Gatsbyjs Gatsby-Source-Wordpress Gatsby is a framework for building websites. | 7.5 |
2021-07-15 | CVE-2021-29725 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM products IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | 7.5 |
2021-07-15 | CVE-2021-34690 | Idrive | Improper Authentication vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. | 7.5 |
2021-07-15 | CVE-2020-36420 | Polipo Project | Reachable Assertion vulnerability in Polipo Project Polipo Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. | 7.5 |
2021-07-14 | CVE-2020-18155 | Intelliants | SQL Injection vulnerability in Intelliants Subrion 4.2.1 SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. | 7.5 |
2021-07-14 | CVE-2021-31183 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2021-33772 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2021-33785 | Microsoft | Unspecified vulnerability in Microsoft products Windows AF_UNIX Socket Provider Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2021-33788 | Microsoft | Unspecified vulnerability in Microsoft products Windows LSA Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2021-34476 | Microsoft | Unspecified vulnerability in Microsoft products Bowser.sys Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2021-34490 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
2021-07-14 | CVE-2020-18144 | Ectouch | SQL Injection vulnerability in Ectouch 2.0 SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. | 7.5 |
2021-07-14 | CVE-2020-29147 | Wayang CMS Project | SQL Injection vulnerability in Wayang-Cms Project Wayang-Cms 1.0 A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | 7.5 |
2021-07-14 | CVE-2021-35527 | Hitachienergy | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 7.5 |
2021-07-14 | CVE-2021-33677 | SAP | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | 7.5 |
2021-07-13 | CVE-2020-22873 | Jsish | Classic Buffer Overflow vulnerability in Jsish Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. | 7.5 |
2021-07-13 | CVE-2020-22874 | Jsish | Integer Overflow or Wraparound vulnerability in Jsish Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | 7.5 |
2021-07-13 | CVE-2020-22875 | Jsish | Integer Overflow or Wraparound vulnerability in Jsish Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | 7.5 |
2021-07-13 | CVE-2020-22884 | Espruino | Classic Buffer Overflow vulnerability in Espruino Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | 7.5 |
2021-07-13 | CVE-2021-33578 | Echobh | SQL Injection vulnerability in Echobh Sharecare 8.15.5 Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data. | 7.5 |
2021-07-13 | CVE-2021-36124 | Echobh | Missing Authorization vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 7.5 |
2021-07-13 | CVE-2021-31895 | Siemens | Classic Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). | 7.5 |
2021-07-13 | CVE-2021-35515 | Apache Netapp Oracle | Infinite Loop vulnerability in multiple products When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. | 7.5 |
2021-07-13 | CVE-2021-35516 | Apache Netapp Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-13 | CVE-2021-35517 | Apache Netapp Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-13 | CVE-2021-36090 | Apache Oracle Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
2021-07-12 | CVE-2020-18544 | WMS Project | SQL Injection vulnerability in WMS Project WMS 1.0 SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". | 7.5 |
2021-07-12 | CVE-2021-24385 | Ninjateam | SQL Injection vulnerability in Ninjateam Filebird 4.7.3 The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability because it builds SQL queries without escaping user input taken from an HTTP POST request. | 7.5 |
2021-07-12 | CVE-2021-24442 | Wpdevart | SQL Injection vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks. | 7.5 |
2021-07-12 | CVE-2021-23389 | Totaljs | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 7.5 |
2021-07-12 | CVE-2021-23390 | Totaljs | Code Injection vulnerability in Totaljs Total4 The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 7.5 |
2021-07-12 | CVE-2021-32705 | Nextcloud Fedoraproject | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 7.5 |
2021-07-12 | CVE-2020-18980 | Halo | Unspecified vulnerability in Halo 0.4.3 Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | 7.5 |
2021-07-12 | CVE-2021-30639 | Apache Mcafee Oracle | Improper Handling of Exceptional Conditions vulnerability in multiple products A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. | 7.5 |
2021-07-12 | CVE-2020-21132 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. | 7.5 |
2021-07-12 | CVE-2020-21133 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | 7.5 |
2021-07-12 | CVE-2021-36377 | Fossil SCM Fedoraproject | Improper Certificate Validation vulnerability in multiple products Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | 7.5 |
2021-07-12 | CVE-2021-3547 | Openvpn | Improper Certificate Validation vulnerability in Openvpn 3.6/3.6.1 OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | 7.4 |
2021-07-14 | CVE-2021-33766 | Microsoft | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 7.3 |
2021-07-15 | CVE-2020-11632 | Zscaler | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.2 |
2021-07-15 | CVE-2021-0278 | Juniper | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. | 7.2 |
2021-07-15 | CVE-2021-3042 | Paloaltonetworks | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3 A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. | 7.2 |
2021-07-15 | CVE-2020-25593 | Acronis | Incorrect Default Permissions vulnerability in Acronis True Image Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | 7.2 |
2021-07-15 | CVE-2021-34692 | Idrive | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. | 7.2 |
2021-07-14 | CVE-2021-31196 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 7.2 |
2021-07-14 | CVE-2021-31859 | Ysoft | Incorrect Permission Assignment for Critical Resource vulnerability in Ysoft Safeq 6.0.55 Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. | 7.2 |
2021-07-14 | CVE-2020-0417 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/8.1/9.0 In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. | 7.2 |
2021-07-14 | CVE-2021-0144 | Intel | Insecure Default Initialization of Resource vulnerability in Intel products Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. | 7.2 |
2021-07-14 | CVE-2021-0577 | Google | Out-of-bounds Write vulnerability in Google Android In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. | 7.2 |
2021-07-14 | CVE-2021-0585 | Google | Out-of-bounds Write vulnerability in Google Android In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. | 7.2 |
2021-07-14 | CVE-2021-0587 | Google | Use After Free vulnerability in Google Android In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. | 7.2 |
2021-07-14 | CVE-2021-0589 | Google | Out-of-bounds Write vulnerability in Google Android In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. | 7.2 |
2021-07-14 | CVE-2021-0602 | Google | Information Exposure vulnerability in Google Android 10.0/11.0 In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. | 7.2 |
2021-07-14 | CVE-2021-35469 | Lexmark | Unquoted Search Path or Element vulnerability in Lexmark products The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. | 7.2 |
2021-07-13 | CVE-2021-31893 | Siemens | Classic Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). | 7.2 |
2021-07-13 | CVE-2021-31894 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). | 7.2 |
2021-07-13 | CVE-2021-1886 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2021-07-13 | CVE-2021-1888 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2021-07-13 | CVE-2021-1889 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2021-07-13 | CVE-2021-1890 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Improper length check of public exponent in RSA import key function could cause memory corruption. | 7.2 |
2021-07-13 | CVE-2021-1931 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.2 |
2021-07-12 | CVE-2021-26089 | Fortinet | Link Following vulnerability in Fortinet Forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase. | 7.2 |
2021-07-16 | CVE-2021-34467 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.1 |
2021-07-15 | CVE-2021-0282 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 12.3/15.1 On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). | 7.1 |
2021-07-14 | CVE-2021-34468 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.1 |
2021-07-16 | CVE-2021-34449 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.0 |
2021-07-16 | CVE-2021-34462 | Microsoft | Race Condition vulnerability in Microsoft products Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.0 |
2021-07-14 | CVE-2021-33751 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Storage Spaces Controller Elevation of Privilege Vulnerability | 7.0 |
2021-07-14 | CVE-2021-33774 | Microsoft | Unspecified vulnerability in Microsoft products Windows Event Tracing Elevation of Privilege Vulnerability | 7.0 |
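Two of the high-severity entries above, CVE-2020-11632 (Zscaler Client Connector) and CVE-2021-35469 (Lexmark installation packages), are the same defect class: a Windows service registered with an unquoted ImagePath that contains spaces, so CreateProcess tries shorter executables along the path before the intended one, and a local user who can write to one of those locations runs code as SYSTEM. The Python below is an added example written for this report; it is not code from either vendor or from the report itself. It reproduces the lookup order Windows applies to an unquoted command line and flags services whose path would be searched that way. It assumes input in the shape of `wmic service get name,pathname` output, takes the shortest space-delimited prefix ending in `.exe` as the intended binary (it cannot stat files on the target host), and the service names and paths in the sample are constructed.

```python
"""Flag Windows services with an unquoted ImagePath that contains spaces.

Added example (not from the report or any vendor advisory). The sample
input below is constructed; it mimics `wmic service get name,pathname`.
"""
import re

# Constructed sample rows: one quoted path, one path without spaces,
# and one unquoted path with spaces (the vulnerable shape).
SAMPLE_SERVICES = (
    "Name            PathName\n"
    'SafeSvc         "C:\\Program Files\\Example Vendor\\Agent\\agent.exe" -service\n'
    "NoSpaces        C:\\Windows\\System32\\svchost.exe -k netsvcs\n"
    "VulnSvc         C:\\Program Files\\Example Vendor\\Agent\\agent.exe -service\n"
)


def hijack_candidates(path_name: str) -> list[str]:
    """Return the executables Windows would try before the intended one.

    For an unquoted command line, CreateProcess splits at each space and
    tries every prefix with ".exe" appended until one exists, e.g.
    C:\\Program.exe, then C:\\Program Files\\Example.exe, and so on.
    A quoted path, or a path with no spaces, is unambiguous and yields [].
    """
    cmd = path_name.strip()
    if not cmd or cmd.startswith('"'):
        return []
    tokens = cmd.split(" ")
    # Assumption: the intended binary is the shortest prefix ending in
    # ".exe"; offline we cannot check which candidate actually exists.
    exe_end = next(
        (i for i in range(1, len(tokens) + 1)
         if " ".join(tokens[:i]).lower().endswith(".exe")),
        len(tokens),
    )
    intended = " ".join(tokens[:exe_end])
    if " " not in intended:
        return []
    return [" ".join(tokens[:i]) + ".exe" for i in range(1, exe_end)]


def scan(wmic_output: str) -> dict[str, list[str]]:
    """Map each vulnerable service name to its hijack candidate paths."""
    findings: dict[str, list[str]] = {}
    for line in wmic_output.strip().splitlines()[1:]:  # skip header row
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(cols) != 2:
            continue
        name, path_name = cols
        candidates = hijack_candidates(path_name)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for svc, paths in scan(SAMPLE_SERVICES).items():
        print(f"{svc}: unquoted path; Windows would first try:")
        for p in paths:
            print(f"    {p}")
```

A hit is only an escalation path if the local user can create a file at one of the candidate locations, so check the parent directory of each candidate with `icacls` before reporting it; by default a standard user cannot write to `C:\` or `C:\Program Files`, which is why the vendor-specific cases in the table matter more than the generic pattern. The fix on the vendor side is simply to quote the path in the service's ImagePath value.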
289 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-15 | CVE-2020-11634 | Zscaler | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused by the configuration of OpenSSL. | 6.9 |
2021-07-14 | CVE-2020-29157 | Raonwiz | Uncontrolled Search Path Element vulnerability in Raonwiz Raon K Editor 2018.0.0.10 An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | 6.9 |
2021-07-14 | CVE-2021-0586 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. | 6.9 |
2021-07-14 | CVE-2021-0600 | Google | Improper Input Validation vulnerability in Google Android In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. | 6.9 |
2021-07-13 | CVE-2021-22000 | Vmware | Improper Privilege Management vulnerability in VMWare Thinapp VMware Thinapp version 5.x prior to 5.2.10 contains a DLL hijacking vulnerability due to insecure loading of DLLs. | 6.9 |
2021-07-16 | CVE-2021-34447 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 6.8 |
2021-07-16 | CVE-2021-34448 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Scripting Engine Memory Corruption Vulnerability | 6.8 |
2021-07-16 | CVE-2020-4821 | IBM | Improper Authentication vulnerability in IBM products IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | 6.8 |
2021-07-15 | CVE-2021-0276 | Juniper | Out-of-bounds Write vulnerability in Juniper Steel-Belted Radius Carrier 8.4.1/8.5.0/8.6.0 A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured allows an attacker sending specific packets to crash the radius daemon, resulting in a Denial of Service (DoS) or leading to remote code execution (RCE). | 6.8 |
2021-07-15 | CVE-2021-20511 | IBM | Path Traversal vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. | 6.8 |
2021-07-15 | CVE-2021-21586 | Dell | Path Traversal vulnerability in Dell Wyse Management Suite Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. | 6.8 |
2021-07-14 | CVE-2021-34497 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 6.8 |
2021-07-14 | CVE-2021-20781 | Pluginus | Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2021-07-14 | CVE-2021-20782 | Tipsandtricks HQ | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2021-07-13 | CVE-2021-21994 | Vmware | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. | 6.8 |
2021-07-13 | CVE-2021-34291 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34292 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34293 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34294 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34295 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34296 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34297 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34298 | Siemens | Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34300 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34301 | Siemens | Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34305 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34309 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34310 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34311 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34314 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34315 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34316 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34318 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34319 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34323 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34324 | Siemens | Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34330 | Siemens | Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-13 | CVE-2021-34331 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 6.8 |
2021-07-12 | CVE-2020-4938 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2021-07-12 | CVE-2020-7872 | Hmtalk | Integer Overflow or Wraparound vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7 DaviewIndy v8.98.7.0 and earlier versions have an Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. | 6.8 |
2021-07-14 | CVE-2021-34493 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Partition Management Driver Elevation of Privilege Vulnerability | 6.7 |
2021-07-12 | CVE-2021-21590 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
2021-07-12 | CVE-2021-21591 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
2021-07-16 | CVE-2021-34444 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Denial of Service Vulnerability | 6.5 |
2021-07-16 | CVE-2020-4675 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6 IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2021-07-16 | CVE-2021-28053 | Centreon | SQL Injection vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 6.5 |
2021-07-15 | CVE-2020-23705 | Rockcarry | Classic Buffer Overflow vulnerability in Rockcarry Ffjpeg A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 6.5 |
2021-07-15 | CVE-2020-23707 | OK File Formats Project | Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 6.5 |
2021-07-15 | CVE-2021-20533 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 6.5 |
2021-07-15 | CVE-2021-27847 | Libvips | Divide By Zero vulnerability in Libvips 8.10.5 Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 |
2021-07-15 | CVE-2021-32743 | Icinga Debian | Exposure of Sensitive Data Through Data Queries vulnerability in multiple products Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. | 6.5 |
2021-07-15 | CVE-2021-32739 | Icinga Debian | Privilege Defined With Unsafe Actions vulnerability in multiple products Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. | 6.5 |
2021-07-15 | CVE-2021-34558 | Golang Fedoraproject Netapp Oracle | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-07-15 | CVE-2021-25318 | Rancher | Incorrect Permission Assignment for Critical Resource vulnerability in Rancher An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. | 6.5 |
2021-07-15 | CVE-2021-31999 | Rancher | Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. | 6.5 |
2021-07-14 | CVE-2021-22867 | Github | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
2021-07-14 | CVE-2020-18151 | Thinkcmf | Cross-Site Request Forgery (CSRF) vulnerability in Thinkcmf 5.1.0 Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | 6.5 |
2021-07-14 | CVE-2021-33745 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Denial of Service Vulnerability | 6.5 |
2021-07-14 | CVE-2021-33783 | Microsoft | Unspecified vulnerability in Microsoft products Windows SMB Information Disclosure Vulnerability | 6.5 |
2021-07-14 | CVE-2021-34499 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Server Denial of Service Vulnerability | 6.5 |
2021-07-14 | CVE-2021-34507 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Assistance Information Disclosure Vulnerability | 6.5 |
2021-07-14 | CVE-2021-36740 | Varnish Cache Varnish Cache Project Varnish Software Fedoraproject Debian | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. | 6.5 |
2021-07-14 | CVE-2020-27379 | Bookingcore | Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . | 6.5 |
2021-07-14 | CVE-2021-33671 | SAP | Missing Authorization vulnerability in SAP Netweaver Guided Procedures SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2021-07-14 | CVE-2021-33676 | SAP | Missing Authorization vulnerability in SAP Customer Relationship Management A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | 6.5 |
2021-07-14 | CVE-2021-33678 | SAP | Eval Injection vulnerability in SAP Netweaver Application Server Abap A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. | 6.5 |
2021-07-13 | CVE-2020-19716 | Exiv2 Debian | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2020-19721 | Axiosys | Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1628 A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | 6.5 |
2021-07-13 | CVE-2021-20423 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. | 6.5 |
2021-07-13 | CVE-2021-36121 | Echobh | Unrestricted Upload of File with Dangerous Type vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 6.5 |
2021-07-13 | CVE-2021-36122 | Echobh | Argument Injection or Modification vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 6.5 |
2021-07-12 | CVE-2021-29792 | IBM | Improper Privilege Management vulnerability in IBM Event Streams IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. | 6.5 |
2021-07-12 | CVE-2021-30640 | Apache Oracle Debian | Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. | 6.5 |
2021-07-12 | CVE-2021-24015 | Fortinet | OS Command Injection vulnerability in Fortinet Fortimail An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. | 6.5 |
2021-07-12 | CVE-2020-21131 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | 6.5 |
2021-07-12 | CVE-2021-30129 | Apache Oracle | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. | 6.5 |
2021-07-12 | CVE-2021-22515 | Microfocus | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
2021-07-16 | CVE-2019-3752 | Dell | XXE vulnerability in Dell products Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. | 6.4 |
2021-07-15 | CVE-2021-0291 | Juniper | Information Exposure vulnerability in Juniper Junos 15.1/17.3 An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. | 6.4 |
2021-07-14 | CVE-2021-22779 | Schneider Electric | Authentication Bypass by Spoofing vulnerability in Schneider-Electric products Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. | 6.4 |
2021-07-14 | CVE-2021-33755 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 6.3 |
2021-07-14 | CVE-2021-34500 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Memory Information Disclosure Vulnerability | 6.3 |
2021-07-14 | CVE-2021-33765 | Microsoft | Unspecified vulnerability in Microsoft products Windows Installer Spoofing Vulnerability | 6.2 |
2021-07-16 | CVE-2021-21799 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 6.1 |
2021-07-16 | CVE-2021-21800 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 6.1 |
2021-07-16 | CVE-2021-21801 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-16 | CVE-2021-21802 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-16 | CVE-2021-21803 | Advantech | Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. | 6.1 |
2021-07-14 | CVE-2021-31961 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows InstallService Elevation of Privilege Vulnerability | 6.1 |
2021-07-14 | CVE-2020-29146 | Wayang CMS Project | Cross-site Scripting vulnerability in Wayang-Cms Project Wayang-Cms 1.0 A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header. | 6.1 |
2021-07-14 | CVE-2021-20784 | Voidtools | Unspecified vulnerability in Voidtools Everything HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors. | 6.1 |
2021-07-12 | CVE-2021-24434 | Codeblab | Cross-site Scripting vulnerability in Codeblab Glass The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. | 6.1 |
2021-07-15 | CVE-2021-29699 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. | 6.0 |
2021-07-12 | CVE-2021-24441 | Fetchdesigns | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fetchdesigns Sign-Up Sheets The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. | 6.0 |
2021-07-14 | CVE-2021-33764 | Microsoft | Unspecified vulnerability in Microsoft products Windows Key Distribution Center Information Disclosure Vulnerability | 5.9 |
2021-07-16 | CVE-2021-3647 | URI JS Project | Open Redirect vulnerability in Uri.Js Project Uri.Js URI.js is vulnerable to URL Redirection to Untrusted Site | 5.8 |
2021-07-15 | CVE-2021-0277 | Juniper | Out-of-bounds Read vulnerability in Juniper Junos 12.3/15.1 An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). | 5.8 |
2021-07-13 | CVE-2021-31810 | Ruby Lang Debian Oracle | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. | 5.8 |
2021-07-13 | CVE-2021-31892 | Siemens | Improper Certificate Validation vulnerability in Siemens products A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). | 5.8 |
2021-07-12 | CVE-2021-26088 | Fortinet | Improper Authentication vulnerability in Fortinet Single Sign-On An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets. | 5.8 |
2021-07-12 | CVE-2021-35037 | Jamf | Open Redirect vulnerability in Jamf Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. | 5.8 |
2021-07-16 | CVE-2021-34466 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft Windows 10 Windows Hello Security Feature Bypass Vulnerability | 5.7 |
2021-07-15 | CVE-2021-0287 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). | 5.7 |
2021-07-16 | CVE-2021-34440 | Microsoft | Unspecified vulnerability in Microsoft products GDI+ Information Disclosure Vulnerability | 5.5 |
2021-07-16 | CVE-2021-34454 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
2021-07-16 | CVE-2021-34457 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
2021-07-16 | CVE-2021-36758 | 1Password | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | 5.5 |
2021-07-15 | CVE-2021-0279 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Contrail Cloud Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. | 5.5 |
2021-07-14 | CVE-2021-33760 | Microsoft | Unspecified vulnerability in Microsoft products Media Foundation Information Disclosure Vulnerability | 5.5 |
2021-07-14 | CVE-2021-33763 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
2021-07-14 | CVE-2021-33782 | Microsoft | Unspecified vulnerability in Microsoft products Windows Authenticode Spoofing Vulnerability | 5.5 |
2021-07-14 | CVE-2021-34491 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Information Disclosure Vulnerability | 5.5 |
2021-07-14 | CVE-2021-34496 | Microsoft | Unspecified vulnerability in Microsoft products Windows GDI Information Disclosure Vulnerability | 5.5 |
2021-07-14 | CVE-2021-34509 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
2021-07-14 | CVE-2021-0518 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. | 5.5 |
2021-07-14 | CVE-2021-36373 | Apache Oracle | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
2021-07-14 | CVE-2021-36374 | Apache Oracle | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
2021-07-13 | CVE-2021-20593 | Mitsubishi | Improper Authentication vulnerability in Mitsubishi products Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. | 5.5 |
2021-07-13 | CVE-2021-33713 | Siemens | Unspecified vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 5.5 |
2021-07-13 | CVE-2021-33715 | Siemens | NULL Pointer Dereference vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 5.5 |
2021-07-13 | CVE-2021-34299 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34302 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34303 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34304 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34307 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34308 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34320 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34321 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-13 | CVE-2021-34325 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 5.5 |
2021-07-15 | CVE-2021-29749 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2021-07-14 | CVE-2020-25444 | Bookingcore | Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy" field under the "Hotel Details" page, (3) "Pricing code" and "name" fields under the "Manage Tour" page, and (4) all the labels under the "Menu" section. | 5.4 |
2021-07-12 | CVE-2021-24421 | Eyecix | Cross-site Scripting vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1 The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape several of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue. | 5.4 |
2021-07-12 | CVE-2021-24424 | Webfactoryltd | Cross-site Scripting vulnerability in Webfactoryltd WP Reset The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | 5.4 |
2021-07-17 | CVE-2021-36769 | Telegram | Unspecified vulnerability in Telegram and Telegram Desktop A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. | 5.3 |
2021-07-16 | CVE-2021-34451 | Microsoft | Unspecified vulnerability in Microsoft Office Online Server Microsoft Office Online Server Spoofing Vulnerability | 5.3 |
2021-07-15 | CVE-2021-34429 | Eclipse Netapp Oracle | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. | 5.3 |
2021-07-15 | CVE-2020-12730 | Magicsmotion | Cleartext Transmission of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | 5.3 |
2021-07-14 | CVE-2021-33744 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Kernel Mode Security Feature Bypass Vulnerability | 5.3 |
2021-07-14 | CVE-2021-33757 | Microsoft | Unspecified vulnerability in Microsoft products Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | 5.3 |
2021-07-14 | CVE-2021-34517 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Spoofing Vulnerability | 5.3 |
2021-07-14 | CVE-2021-34519 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Information Disclosure Vulnerability | 5.3 |
2021-07-14 | CVE-2021-33684 | SAP | Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type, thereby crashing the corresponding work process because of a memory corruption vulnerability. | 5.3 |
2021-07-12 | CVE-2021-32734 | Nextcloud | Information Exposure Through an Error Message vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-32725 | Nextcloud | Insecure Inherited Permissions vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-32703 | Nextcloud Fedoraproject | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-33037 | Apache Debian Oracle Mcafee | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. | 5.3 |
2021-07-12 | CVE-2021-32678 | Nextcloud Fedoraproject | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-22918 | Nodejs Siemens | Out-of-bounds Read vulnerability in multiple products Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. | 5.3 |
2021-07-15 | CVE-2021-29742 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. | 5.2 |
2021-07-17 | CVE-2021-36213 | Hashicorp | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. | 5.0 |
2021-07-16 | CVE-2021-32769 | Objectcomputing | Path Traversal vulnerability in Objectcomputing Micronaut Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. | 5.0 |
2021-07-16 | CVE-2021-35962 | Secom | Path Traversal vulnerability in Secom Door Access Control and Personnel Attendance System Specific page parameters in Dr. | 5.0 |
2021-07-16 | CVE-2021-3649 | Chatwoot | Unspecified vulnerability in Chatwoot chatwoot is vulnerable to Inefficient Regular Expression Complexity | 5.0 |
2021-07-16 | CVE-2021-21817 | Dlink | Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03 An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. | 5.0 |
2021-07-16 | CVE-2021-21818 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03 A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. | 5.0 |
2021-07-15 | CVE-2021-0280 | Juniper | Improper Initialization vulnerability in Juniper Junos Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). | 5.0 |
2021-07-15 | CVE-2021-0285 | Juniper | Resource Exhaustion vulnerability in Juniper Junos An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. | 5.0 |
2021-07-15 | CVE-2021-0294 | Juniper | Unspecified vulnerability in Juniper Junos 18.4 A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configured, can lead to the enhanced storm control filter group not being installed. | 5.0 |
2021-07-15 | CVE-2021-20497 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2021-07-15 | CVE-2021-20498 | IBM | Information Exposure vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. | 5.0 |
2021-07-15 | CVE-2020-12733 | Depstech | Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 5.0 |
2021-07-15 | CVE-2021-20439 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | 5.0 |
2021-07-15 | CVE-2020-12731 | Magicsmotion | Cleartext Storage of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | 5.0 |
2021-07-15 | CVE-2021-34691 | Idrive | Unspecified vulnerability in Idrive Remotepc iDrive RemotePC before 4.0.1 on Linux allows denial of service. | 5.0 |
2021-07-14 | CVE-2021-23407 | Elfinder NET Core Project | Path Traversal vulnerability in Elfinder.Net.Core Project Elfinder.Net.Core This affects the package elFinder.Net.Core from 0 and before 1.2.4. | 5.0 |
2021-07-14 | CVE-2021-36716 | Segment | Resource Exhaustion vulnerability in Segment Is-Email A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. | 5.0 |
2021-07-14 | CVE-2021-33670 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | 5.0 |
2021-07-14 | CVE-2021-20748 | Retty | Use of Hard-coded Credentials vulnerability in Retty Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. | 5.0 |
2021-07-13 | CVE-2021-21995 | Vmware | Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. | 5.0 |
2021-07-13 | CVE-2021-20360 | IBM | Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2021-07-13 | CVE-2021-20422 | IBM | Information Exposure vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. | 5.0 |
2021-07-13 | CVE-2020-22876 | Quickjs Project | Classic Buffer Overflow vulnerability in Quickjs Project Quickjs Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. | 5.0 |
2021-07-13 | CVE-2020-22882 | Moddable | Type Confusion vulnerability in Moddable Os180328/Os180329 An issue was discovered in the fxParserTree function in moddable, which allows attackers to cause denial of service via a crafted payload. | 5.0 |
2021-07-13 | CVE-2020-22885 | Artifex | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | 5.0 |
2021-07-13 | CVE-2020-22886 | Artifex | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | 5.0 |
2021-07-13 | CVE-2020-22907 | Jsish | Out-of-bounds Write vulnerability in Jsish Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | 5.0 |
2021-07-13 | CVE-2020-28400 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. | 5.0 |
2021-07-13 | CVE-2021-33711 | Siemens | Information Exposure Through an Error Message vulnerability in Siemens Teamcenter Active Workspace A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 5.0 |
2021-07-13 | CVE-2021-1887 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1907 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 5.0 |
2021-07-13 | CVE-2021-1938 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1943 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1945 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1953 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1954 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1955 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 5.0 |
2021-07-13 | CVE-2021-1964 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-07-13 | CVE-2021-1970 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 5.0 |
2021-07-12 | CVE-2021-32741 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.0 |
2021-07-12 | CVE-2021-32727 | Nextcloud | Improper Certificate Validation vulnerability in Nextcloud Nextcloud Android Client is the Android client for Nextcloud. | 5.0 |
2021-07-12 | CVE-2020-19037 | Halo | Improper Authentication vulnerability in Halo 0.4.3 Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | 5.0 |
2021-07-12 | CVE-2020-23079 | Halo | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 5.0 |
2021-07-12 | CVE-2021-29794 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21 IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2021-07-12 | CVE-2021-36381 | Edifecs | Injection vulnerability in Edifecs Transaction Management 20210712 In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.0 |
2021-07-12 | CVE-2021-33807 | Gespage | Path Traversal vulnerability in Gespage Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | 5.0 |
2021-07-12 | CVE-2021-26090 | Fortinet | Memory Leak vulnerability in Fortinet Fortimail A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | 5.0 |
2021-07-12 | CVE-2021-27293 | Restsharp | Incorrect Comparison vulnerability in Restsharp RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. | 5.0 |
2021-07-15 | CVE-2021-20534 | IBM | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 4.9 |
2021-07-14 | CVE-2021-34174 | Broadcom | Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. | 4.9 |
2021-07-14 | CVE-2021-0588 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 8.1/9.0 In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. | 4.9 |
2021-07-14 | CVE-2021-0590 | Google | Unspecified vulnerability in Google Android In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. | 4.9 |
2021-07-14 | CVE-2021-0597 | Google | Missing Authorization vulnerability in Google Android In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. | 4.9 |
2021-07-14 | CVE-2021-0599 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. | 4.9 |
2021-07-14 | CVE-2021-0601 | Google | Double Free vulnerability in Google Android In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. | 4.9 |
2021-07-14 | CVE-2021-24119 | ARM Fedoraproject Debian | Information Exposure Through Discrepancy vulnerability in multiple products In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
2021-07-14 | CVE-2021-22318 | Huawei | NULL Pointer Dereference vulnerability in Huawei Harmonyos 2.0 A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. | 4.9 |
2021-07-12 | CVE-2021-26099 | Fortinet | Unspecified vulnerability in Fortinet Fortimail Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | 4.9 |
2021-07-15 | CVE-2020-12734 | Depstech | Missing Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. | 4.8 |
2021-07-12 | CVE-2021-24418 | Smooth Scroll Page UP Down Buttons Project | Cross-site Scripting vulnerability in Smooth Scroll Page Up/Down Buttons Project Smooth Scroll Page Up/Down Buttons The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog | 4.8 |
2021-07-12 | CVE-2021-24419 | WP Youtube Lyte Project | Cross-site Scripting vulnerability in WP Youtube Lyte Project WP Youtube Lyte The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. | 4.8 |
2021-07-12 | CVE-2021-24426 | WEB Dorado | Cross-site Scripting vulnerability in Web-Dorado Backup-Wd The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue | 4.8 |
2021-07-12 | CVE-2021-24427 | Boldgrid | Cross-site Scripting vulnerability in Boldgrid W3 Total Cache The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue | 4.8 |
2021-07-14 | CVE-2021-33753 | Microsoft | Unspecified vulnerability in Microsoft Bing Microsoft Bing Search Spoofing Vulnerability | 4.7 |
2021-07-16 | CVE-2021-3452 | Lenovo | Unspecified vulnerability in Lenovo Bios A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 4.6 |
2021-07-16 | CVE-2021-3550 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager 3.0.200.2042/3.0.400.3252/3.0.50.9162 A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. | 4.6 |
2021-07-15 | CVE-2021-36753 | BAT Project | Uncontrolled Search Path Element vulnerability in BAT Project BAT sharkdp BAT before 0.18.2 executes less.exe from the current working directory. | 4.6 |
2021-07-15 | CVE-2021-35056 | Unisys | Unquoted Search Path or Element vulnerability in Unisys Stealth Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. | 4.6 |
2021-07-15 | CVE-2020-15495 | Acronis | Unspecified vulnerability in Acronis True Image 2019/2020 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 4.6 |
2021-07-15 | CVE-2020-15496 | Acronis | Improper Preservation of Permissions vulnerability in Acronis True Image Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | 4.6 |
2021-07-15 | CVE-2021-33505 | Falco | Improper Privilege Management vulnerability in Falco A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. | 4.6 |
2021-07-14 | CVE-2019-11098 | Tianocore | Improper Input Validation vulnerability in Tianocore EDK II Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 4.6 |
2021-07-14 | CVE-2021-0486 | Google | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0 In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. | 4.6 |
2021-07-13 | CVE-2021-35957 | Stormshield | Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | 4.6 |
2021-07-12 | CVE-2021-21589 | Dell | Unspecified vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. | 4.6 |
2021-07-16 | CVE-2021-3614 | Lenovo | Unspecified vulnerability in Lenovo products A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. | 4.4 |
2021-07-14 | CVE-2021-0441 | Google | Incorrect Default Permissions vulnerability in Google Android 11.0 In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. | 4.4 |
2021-07-14 | CVE-2021-0603 | Google | Incorrect Default Permissions vulnerability in Google Android 11.0 In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. | 4.4 |
2021-07-13 | CVE-2021-36376 | Delta Project | Uncontrolled Search Path Element vulnerability in Delta Project Delta dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory. | 4.4 |
2021-07-12 | CVE-2021-22921 | Nodejs Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 4.4 |
2021-07-17 | CVE-2021-36771 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 4.3 |
2021-07-17 | CVE-2021-36772 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 4.3 |
2021-07-16 | CVE-2021-21816 | Dlink | Information Exposure vulnerability in Dlink Dir-3040 Firmware 1.13B03 An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. | 4.3 |
2021-07-16 | CVE-2021-36755 | CGM Remote Monitor Project | Cross-site Scripting vulnerability in Cgm-Remote-Monitor Project Cgm-Remote-Monitor 14.2.2 Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. | 4.3 |
2021-07-15 | CVE-2020-23706 | OK File Formats Project | Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 4.3 |
2021-07-15 | CVE-2021-0281 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. | 4.3 |
2021-07-15 | CVE-2021-27845 | Jasper Project | Divide By Zero vulnerability in Jasper Project Jasper A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c | 4.3 |
2021-07-14 | CVE-2020-18145 | Baidu | Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3 Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. | 4.3 |
2021-07-14 | CVE-2021-0654 | Google | Missing Authorization vulnerability in Google Android In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. | 4.3 |
2021-07-14 | CVE-2021-33680 | SAP | Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes a buffer overflow and causes the application to crash and become temporarily unavailable until the user restarts the application. | 4.3 |
2021-07-14 | CVE-2021-33681 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes an out of bounds write and causes the application to crash and become temporarily unavailable until the user restarts the application. | 4.3 |
2021-07-14 | CVE-2021-33683 | SAP | HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. | 4.3 |
2021-07-14 | CVE-2021-20747 | Retty | Missing Authorization vulnerability in Retty Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 4.3 |
2021-07-13 | CVE-2020-19717 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 4.3 |
2021-07-13 | CVE-2020-19718 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 4.3 |
2021-07-13 | CVE-2020-19719 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). | 4.3 |
2021-07-13 | CVE-2020-19720 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 4.3 |
2021-07-13 | CVE-2020-19722 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). | 4.3 |
2021-07-13 | CVE-2021-36214 | Linecorp | Cross-site Scripting vulnerability in Linecorp Line LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. | 4.3 |
2021-07-13 | CVE-2021-20369 | IBM | Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.3 |
2021-07-13 | CVE-2021-31225 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 4.3 |
2021-07-13 | CVE-2020-26153 | Eventespresso | Cross-site Scripting vulnerability in Eventespresso Event Espresso A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2021-07-13 | CVE-2021-33710 | Siemens | Cross-site Scripting vulnerability in Siemens Teamcenter Active Workspace A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 4.3 |
2021-07-13 | CVE-2021-34322 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 4.3 |
2021-07-13 | CVE-2021-34332 | Siemens | Infinite Loop vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 4.3 |
2021-07-13 | CVE-2021-34333 | Siemens | Double Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). | 4.3 |
2021-07-13 | CVE-2021-1896 | Qualcomm | Cleartext Transmission of Sensitive Information vulnerability in Qualcomm products Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity | 4.3 |
2021-07-12 | CVE-2021-32733 | Nextcloud | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Text is a collaborative document editing application that uses Markdown. | 4.3 |
2021-07-12 | CVE-2021-24409 | Plugin Planet | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | 4.3 |
2021-07-12 | CVE-2021-24429 | Salonbookingsystem | Cross-site Scripting vulnerability in Salonbookingsystem Salon Booking System The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2021-07-12 | CVE-2021-24454 | YOP Poll | Cross-site Scripting vulnerability in Yop-Poll YOP Poll In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. | 4.3 |
2021-07-12 | CVE-2021-32707 | Nextcloud | Unspecified vulnerability in Nextcloud Mail Nextcloud Mail is a mail app for Nextcloud. | 4.3 |
2021-07-12 | CVE-2021-21588 | Dell | Insufficient Verification of Data Authenticity vulnerability in Dell Powerflex Presentation Server 3.5 Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. | 4.3 |
2021-07-12 | CVE-2020-18979 | Halo | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwarded-for Header parameter. | 4.3 |
2021-07-12 | CVE-2021-36382 | Devolutions | Insufficiently Protected Credentials vulnerability in Devolutions Server Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | 4.3 |
2021-07-12 | CVE-2021-22916 | Brave | Unspecified vulnerability in Brave In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure. | 4.3 |
2021-07-12 | CVE-2021-22917 | Brave | Unspecified vulnerability in Brave Browser Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. | 4.3 |
2021-07-15 | CVE-2021-20496 | IBM | Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. | 4.0 |
2021-07-15 | CVE-2021-20499 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
2021-07-15 | CVE-2021-20523 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
2021-07-15 | CVE-2021-20537 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 4.0 |
2021-07-14 | CVE-2020-20231 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. | 4.0 |
2021-07-14 | CVE-2021-24117 | Apache | Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3 In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.0 |
2021-07-14 | CVE-2021-33211 | Element IT | Path Traversal vulnerability in Element-It Http Commander 5.3.3 A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. | 4.0 |
2021-07-14 | CVE-2021-33213 | Element IT | Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3 An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address. | 4.0 |
2021-07-14 | CVE-2021-24116 | Wolfssl | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.0 |
2021-07-14 | CVE-2021-33667 | SAP | Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430 Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | 4.0 |
2021-07-14 | CVE-2021-33687 | SAP | Information Exposure vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of its HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information. | 4.0 |
2021-07-14 | CVE-2021-33689 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. | 4.0 |
2021-07-13 | CVE-2021-32755 | Wire | Improper Certificate Validation vulnerability in Wire Wire is a collaboration platform. | 4.0 |
2021-07-13 | CVE-2020-20252 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 4.0 |
2021-07-13 | CVE-2021-20424 | IBM | Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
2021-07-13 | CVE-2021-36123 | Echobh | Unspecified vulnerability in Echobh Sharecare 8.15.5 An issue was discovered in Echo ShareCare 8.15.5. | 4.0 |
2021-07-13 | CVE-2020-20250 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 4.0 |
2021-07-13 | CVE-2021-33709 | Siemens | Information Exposure vulnerability in Siemens Teamcenter Active Workspace A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). | 4.0 |
2021-07-12 | CVE-2021-32747 | Icinga | Information Exposure vulnerability in Icinga Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. | 4.0 |
2021-07-12 | CVE-2021-32689 | Nextcloud | Unspecified vulnerability in Nextcloud Talk Nextcloud Talk is a fully on-premises audio/video and chat communication service. | 4.0 |
2021-07-12 | CVE-2021-20414 | IBM | Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2 IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. | 4.0 |
2021-07-12 | CVE-2021-24013 | Fortinet | Path Traversal vulnerability in Fortinet Fortimail Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. | 4.0 |
2021-07-12 | CVE-2021-36383 | XEN Orchestra | Unspecified vulnerability in Xen-Orchestra Xo-Server and Xo-Web Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. | 4.0 |
66 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-07-14 | CVE-2021-22778 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | 3.6 |
2021-07-14 | CVE-2021-22780 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. | 3.6 |
2021-07-16 | CVE-2021-28054 | Centreon | Cross-site Scripting vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 3.5 |
2021-07-16 | CVE-2021-28114 | Froala | Cross-site Scripting vulnerability in Froala Editor Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | 3.5 |
2021-07-15 | CVE-2021-32764 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open-source discussion platform. | 3.5 |
2021-07-15 | CVE-2021-20524 | IBM | Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. | 3.5 |
2021-07-15 | CVE-2021-32750 | Muwire Project | Cross-site Scripting vulnerability in Muwire Project Muwire MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. | 3.5 |
2021-07-15 | CVE-2021-3043 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 3.5 |
2021-07-14 | CVE-2021-33212 | Element IT | Cross-site Scripting vulnerability in Element-It Http Commander 5.3.3 A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image. | 3.5 |
2021-07-14 | CVE-2021-33682 | SAP | Cross-site Scripting vulnerability in SAP Lumira Server 2.4 SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-07-13 | CVE-2021-20361 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20362 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20363 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20364 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20365 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20366 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-20368 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. | 3.5 |
2021-07-13 | CVE-2021-33718 | Siemens | Incorrect Authorization vulnerability in Siemens Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). | 3.5 |
2021-07-12 | CVE-2021-32746 | Icinga | Path Traversal vulnerability in Icinga Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. | 3.5 |
2021-07-12 | CVE-2021-32754 | Flowdroid Project | XXE vulnerability in Flowdroid Project Flowdroid FlowDroid is a data flow analysis tool. | 3.5 |
2021-07-12 | CVE-2021-24365 | Admincolumns | Cross-site Scripting vulnerability in Admincolumns Admin Columns The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. | 3.5 |
2021-07-12 | CVE-2021-24408 | Plugin Planet | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. | 3.5 |
2021-07-12 | CVE-2021-24420 | Emarketdesign | Cross-site Scripting vulnerability in Emarketdesign Request a Quote The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "All Quotes" table. | 3.5 |
2021-07-12 | CVE-2021-24439 | Prothemedesign | Cross-site Scripting vulnerability in Prothemedesign Browser Screenshots The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped. | 3.5 |
2021-07-12 | CVE-2021-24440 | Fetchdesigns | Cross-site Scripting vulnerability in Fetchdesigns Sign-Up Sheets The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. | 3.5 |
2021-07-12 | CVE-2020-18982 | Halo | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 3.5 |
2021-07-12 | CVE-2020-19201 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. | 3.5 |
2021-07-12 | CVE-2020-19203 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. | 3.5 |
2021-07-12 | CVE-2020-19204 | Ipfire | Cross-site Scripting vulnerability in Ipfire 2.21 An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. | 3.5 |
2021-07-12 | CVE-2021-29803 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-07-12 | CVE-2021-29804 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-07-12 | CVE-2021-29805 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-07-12 | CVE-2021-29822 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-07-16 | CVE-2020-4980 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. | 3.3 |
2021-07-15 | CVE-2021-0288 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. | 3.3 |
2021-07-15 | CVE-2021-0290 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 16.1/17.1/17.3 Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. | 3.3 |
2021-07-15 | CVE-2021-0292 | Juniper | Resource Exhaustion vulnerability in Juniper Junos OS Evolved 19.4/20.1/20.2 An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. | 3.3 |
2021-07-15 | CVE-2020-12732 | Depstech | Insecure Default Initialization of Resource vulnerability in Depstech Wifi Digital Microscope 3 Firmware DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | 3.3 |
2021-07-13 | CVE-2021-25671 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). | 3.3 |
2021-07-12 | CVE-2021-32680 | Nextcloud Fedoraproject | Insufficient Logging vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 3.3 |
2021-07-15 | CVE-2021-0289 | Juniper | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. | 2.9 |
2021-07-15 | CVE-2021-0295 | Juniper | Incorrect Comparison vulnerability in Juniper Junos A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). | 2.9 |
2021-07-15 | CVE-2021-34687 | Idrive | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 2.9 |
2021-07-13 | CVE-2021-31221 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | 2.9 |
2021-07-13 | CVE-2021-31222 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | 2.9 |
2021-07-13 | CVE-2021-31223 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | 2.9 |
2021-07-13 | CVE-2021-31224 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | 2.9 |
2021-07-13 | CVE-2021-31220 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | 2.3 |
2021-07-16 | CVE-2021-3453 | Lenovo | Unspecified vulnerability in Lenovo products Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | 2.1 |
2021-07-15 | CVE-2021-0293 | Juniper | Memory Leak vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. | 2.1 |
2021-07-15 | CVE-2021-20500 | IBM | Unspecified vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. | 2.1 |
2021-07-15 | CVE-2021-20510 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. | 2.1 |
2021-07-15 | CVE-2021-21587 | Dell | Information Exposure vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. | 2.1 |
2021-07-15 | CVE-2020-12729 | Magicsmotion | Information Exposure vulnerability in Magicsmotion Flamingo 2 Firmware MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | 2.1 |
2021-07-15 | CVE-2021-34688 | Idrive | Use of Hard-coded Credentials vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 2.1 |
2021-07-15 | CVE-2021-34689 | Idrive | Information Exposure Through Log Files vulnerability in Idrive Remotepc iDrive RemotePC before 7.6.48 on Windows allows information disclosure. | 2.1 |
2021-07-14 | CVE-2021-22781 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | 2.1 |
2021-07-14 | CVE-2021-22782 | Schneider Electric | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | 2.1 |
2021-07-13 | CVE-2021-22399 | Huawei | Unspecified vulnerability in Huawei P30 Firmware The Bluetooth function of some Huawei smartphones has a DoS vulnerability. | 2.1 |
2021-07-13 | CVE-2021-22440 | Huawei | Path Traversal vulnerability in Huawei products There is a path traversal vulnerability in some Huawei products. | 2.1 |
2021-07-13 | CVE-2021-33714 | Siemens | NULL Pointer Dereference vulnerability in Siemens JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). | 2.1 |
2021-07-13 | CVE-2021-1897 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 2.1 |
2021-07-13 | CVE-2021-1898 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 2.1 |
2021-07-13 | CVE-2021-1899 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. | 2.1 |
2021-07-13 | CVE-2021-1901 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 2.1 |
2021-07-14 | CVE-2021-0604 | Google | Unspecified vulnerability in Google Android In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. | 1.9 |