Weekly Vulnerabilities Reports > July 12 to 18, 2021

Overview

546 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 71 high severity vulnerabilities. This weekly summary report vulnerabilities in 1209 products from 144 vendors including Microsoft, Siemens, IBM, Google, and Qualcomm. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Privilege Management", "Out-of-bounds Write", "Classic Buffer Overflow", and "Out-of-bounds Read".

  • 395 reported vulnerabilities are remotely exploitables.
  • 126 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 426 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 117 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-16 CVE-2021-35961 Secom Use of Hard-coded Credentials vulnerability in Secom Dr.Id Access Control 3.3.2

Dr.

10.0
2021-07-15 CVE-2020-11633 Zscaler Out-of-bounds Write vulnerability in Zscaler Client Connector

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers.

10.0
2021-07-14 CVE-2021-35211 Solarwinds Exposure of Resource to Wrong Sphere vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.3

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.

10.0
2021-07-14 CVE-2021-34473 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

10.0
2021-07-14 CVE-2021-0515 Google Out-of-bounds Write vulnerability in Google Android

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check.

10.0
2021-07-13 CVE-2020-11307 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

10.0
2021-07-13 CVE-2021-1965 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

10.0
2021-07-13 CVE-2021-31217 Solarwinds Incorrect Default Permissions vulnerability in Solarwinds Dameware Mini Remote Control 12.0.1.200

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

9.4
2021-07-16 CVE-2021-34439 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Microsoft Windows Media Foundation Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34441, CVE-2021-34503.

9.3
2021-07-16 CVE-2021-34448 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Scripting Engine Memory Corruption Vulnerability

9.3
2021-07-16 CVE-2021-34464 Microsoft Unspecified vulnerability in Microsoft Malware Protection Engine

Microsoft Defender Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34522.

9.3
2021-07-14 CVE-2021-33740 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

9.3
2021-07-14 CVE-2021-34522 Microsoft Unspecified vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0

Microsoft Defender Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34464.

9.3
2021-07-14 CVE-2021-0514 Google Race Condition vulnerability in Google Android

In several functions of the V8 library, there is a possible use after free due to a race condition.

9.3
2021-07-14 CVE-2021-0592 Google Out-of-bounds Write vulnerability in Google Android

In various functions in WideVine, there are possible out of bounds writes due to improper input validation.

9.3
2021-07-16 CVE-2021-34450 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability

9.0
2021-07-16 CVE-2021-34458 Microsoft Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019

Windows Kernel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34508.

9.0

71 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-13 CVE-2021-20595 Mitsubishi XXE vulnerability in Mitsubishi products

Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.

8.5
2021-07-15 CVE-2021-34827 Dlink Stack-based Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.3
2021-07-15 CVE-2021-34828 Dlink Classic Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.3
2021-07-15 CVE-2021-34829 Dlink Classic Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.3
2021-07-15 CVE-2021-34830 Dlink Stack-based Buffer Overflow vulnerability in Dlink Dap-1330 Firmware 1.13B01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers.

8.3
2021-07-14 CVE-2021-31206 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473.

7.9
2021-07-14 CVE-2021-0594 Google Improper Privilege Management vulnerability in Google Android

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation.

7.9
2021-07-15 CVE-2021-0283 Juniper Classic Buffer Overflow vulnerability in Juniper Junos

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS).

7.8
2021-07-15 CVE-2021-0286 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved

A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS).

7.8
2021-07-14 CVE-2021-34173 Espressif Unspecified vulnerability in Espressif Esp32 Firmware

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame.

7.8
2021-07-14 CVE-2021-0596 Google Out-of-bounds Read vulnerability in Google Android

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check.

7.8
2021-07-17 CVE-2021-33911 Zohocorp Code Injection vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.

7.5
2021-07-16 CVE-2021-21804 Advantech Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

7.5
2021-07-16 CVE-2021-21820 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03.

7.5
2021-07-15 CVE-2021-34690 Idrive Improper Authentication vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows authentication bypass.

7.5
2021-07-14 CVE-2020-24133 Radare Out-of-bounds Write vulnerability in Radare Radare2-Extras

A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.

7.5
2021-07-14 CVE-2020-18155 Intelliants SQL Injection vulnerability in Intelliants Subrion 4.2.1

SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.

7.5
2021-07-14 CVE-2021-33757 Microsoft Unspecified vulnerability in Microsoft products

Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

7.5
2021-07-14 CVE-2021-34523 Microsoft Improper Privilege Management vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.

7.5
2021-07-14 CVE-2020-18144 Ectouch SQL Injection vulnerability in Ectouch 2.0

SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php.

7.5
2021-07-14 CVE-2021-33678 SAP Code Injection vulnerability in SAP Netweaver AS Abap

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.

7.5
2021-07-14 CVE-2021-25953 Putil Merge Project Unspecified vulnerability in Putil-Merge Project Putil-Merge

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.

7.5
2021-07-13 CVE-2021-34552 Python
Debian
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

7.5
2021-07-13 CVE-2020-22873 Jsish Classic Buffer Overflow vulnerability in Jsish

Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.

7.5
2021-07-13 CVE-2020-22874 Jsish Integer Overflow or Wraparound vulnerability in Jsish

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.

7.5
2021-07-13 CVE-2020-22875 Jsish Integer Overflow or Wraparound vulnerability in Jsish

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.

7.5
2021-07-13 CVE-2020-22884 Espruino Classic Buffer Overflow vulnerability in Espruino

Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.

7.5
2021-07-13 CVE-2021-33578 Echobh SQL Injection vulnerability in Echobh Sharecare 8.15.5

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

7.5
2021-07-13 CVE-2021-36124 Echobh Incorrect Authorization vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

7.5
2021-07-13 CVE-2021-31895 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7).

7.5
2021-07-12 CVE-2020-18544 WMS Project SQL Injection vulnerability in WMS Project WMS 1.0

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".

7.5
2021-07-12 CVE-2021-24385 Ninjateam SQL Injection vulnerability in Ninjateam Filebird 4.7.3

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request.

7.5
2021-07-12 CVE-2021-24442 Wpdevart SQL Injection vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks

7.5
2021-07-12 CVE-2021-32726 Nextcloud Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

7.5
2021-07-12 CVE-2021-23389 Totaljs Code Injection vulnerability in Totaljs Total.Js

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

7.5
2021-07-12 CVE-2021-23390 Totaljs Code Injection vulnerability in Totaljs Total4

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

7.5
2021-07-12 CVE-2020-18980 Halo Unspecified vulnerability in Halo 0.4.3

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

7.5
2021-07-12 CVE-2021-32688 Nextcloud
Fedoraproject
Files or Directories Accessible to External Parties vulnerability in multiple products

Nextcloud Server is a Nextcloud package that handles data storage.

7.5
2021-07-12 CVE-2020-21132 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

7.5
2021-07-12 CVE-2020-21133 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.

7.5
2021-07-12 CVE-2021-35064 Kramerav Improper Privilege Management vulnerability in Kramerav Viaware

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo.

7.5
2021-07-15 CVE-2020-11632 Zscaler Unquoted Search Path or Element vulnerability in Zscaler Client Connector

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.

7.2
2021-07-15 CVE-2021-0278 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device.

7.2
2021-07-15 CVE-2021-3042 Paloaltonetworks Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.

7.2
2021-07-15 CVE-2020-25593 Acronis Incorrect Default Permissions vulnerability in Acronis True Image

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

7.2
2021-07-15 CVE-2021-34692 Idrive Inclusion of Functionality from Untrusted Control Sphere vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation.

7.2
2021-07-14 CVE-2021-31979 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514.

7.2
2021-07-14 CVE-2021-33744 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Secure Kernel Mode Security Feature Bypass Vulnerability

7.2
2021-07-14 CVE-2021-33771 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514.

7.2
2021-07-14 CVE-2021-34498 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability

7.2
2021-07-14 CVE-2021-34512 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34513.

7.2
2021-07-14 CVE-2021-34513 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34512.

7.2
2021-07-14 CVE-2021-34514 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-33771.

7.2
2021-07-14 CVE-2021-31859 Ysoft Improper Privilege Management vulnerability in Ysoft Safeq 6.0.55

Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.

7.2
2021-07-14 CVE-2020-0417 Google Improper Privilege Management vulnerability in Google Android 10.0/8.1/9.0

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent.

7.2
2021-07-14 CVE-2021-0577 Google Out-of-bounds Write vulnerability in Google Android

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow.

7.2
2021-07-14 CVE-2021-0585 Google Out-of-bounds Write vulnerability in Google Android

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation.

7.2
2021-07-14 CVE-2021-0587 Google Use After Free vulnerability in Google Android

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free.

7.2
2021-07-14 CVE-2021-0589 Google Out-of-bounds Write vulnerability in Google Android

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check.

7.2
2021-07-14 CVE-2021-0602 Google Improper Privilege Management vulnerability in Google Android 10.0/11.0

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass.

7.2
2021-07-14 CVE-2021-35469 Lexmark Unquoted Search Path or Element vulnerability in Lexmark products

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

7.2
2021-07-13 CVE-2021-31893 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2).

7.2
2021-07-13 CVE-2021-31894 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1).

7.2
2021-07-13 CVE-2021-1886 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-07-13 CVE-2021-1888 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-07-13 CVE-2021-1889 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-07-13 CVE-2021-1890 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Improper length check of public exponent in RSA import key function could cause memory corruption.

7.2
2021-07-13 CVE-2021-1931 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.2
2021-07-13 CVE-2021-1940 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-07-12 CVE-2021-26089 Fortinet Link Following vulnerability in Fortinet Forticlient

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.

7.2
2021-07-15 CVE-2021-0282 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 12.3/15.1

On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS).

7.1

371 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-15 CVE-2020-11634 Zscaler Uncontrolled Search Path Element vulnerability in Zscaler Client Connector

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL.

6.9
2021-07-14 CVE-2020-29157 Raonwiz Uncontrolled Search Path Element vulnerability in Raonwiz Raon K Editor 2018.0.0.10

An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.

6.9
2021-07-14 CVE-2021-0586 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack.

6.9
2021-07-14 CVE-2021-0600 Google Improper Input Validation vulnerability in Google Android

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation.

6.9
2021-07-13 CVE-2021-22000 Vmware Improper Privilege Management vulnerability in VMWare Thinapp

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs.

6.9
2021-07-16 CVE-2021-34438 Microsoft Unspecified vulnerability in Microsoft products

Windows Font Driver Host Remote Code Execution Vulnerability

6.8
2021-07-16 CVE-2021-34441 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Media Foundation Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34439, CVE-2021-34503.

6.8
2021-07-16 CVE-2021-34446 Microsoft Unspecified vulnerability in Microsoft products

Windows HTML Platforms Security Feature Bypass Vulnerability

6.8
2021-07-16 CVE-2021-34447 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497.

6.8
2021-07-16 CVE-2021-34452 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Word

Microsoft Word Remote Code Execution Vulnerability

6.8
2021-07-16 CVE-2021-32749 Fail2Ban
Fedoraproject
OS Command Injection vulnerability in multiple products

fail2ban is a daemon to ban hosts that cause multiple authentication errors.

6.8
2021-07-16 CVE-2020-4821 IBM Improper Authentication vulnerability in IBM products

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.

6.8
2021-07-16 CVE-2021-1422 Cisco Reachable Assertion vulnerability in Cisco products

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition.

6.8
2021-07-15 CVE-2021-0276 Juniper Out-of-bounds Write vulnerability in Juniper Steel-Belted Radius Carrier 8.4.1/8.5.0/8.6.0

A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE).

6.8
2021-07-15 CVE-2021-20511 IBM Path Traversal vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system.

6.8
2021-07-15 CVE-2021-21586 Dell Path Traversal vulnerability in Dell Wyse Management Suite

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability.

6.8
2021-07-14 CVE-2021-31947 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33775, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778.

6.8
2021-07-14 CVE-2021-31984 Microsoft Unspecified vulnerability in Microsoft Power BI Report Server

Power BI Remote Code Execution Vulnerability

6.8
2021-07-14 CVE-2021-33749 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33750, CVE-2021-33752, CVE-2021-33756.

6.8
2021-07-14 CVE-2021-33750 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33749, CVE-2021-33752, CVE-2021-33756.

6.8
2021-07-14 CVE-2021-33752 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33749, CVE-2021-33750, CVE-2021-33756.

6.8
2021-07-14 CVE-2021-33756 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33749, CVE-2021-33750, CVE-2021-33752.

6.8
2021-07-14 CVE-2021-33775 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31947, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778.

6.8
2021-07-14 CVE-2021-33776 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33777, CVE-2021-33778.

6.8
2021-07-14 CVE-2021-33777 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33776, CVE-2021-33778.

6.8
2021-07-14 CVE-2021-33778 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0/1.0.33242.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33776, CVE-2021-33777.

6.8
2021-07-14 CVE-2021-34489 Microsoft Unspecified vulnerability in Microsoft products

DirectWrite Remote Code Execution Vulnerability

6.8
2021-07-14 CVE-2021-34497 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447.

6.8
2021-07-14 CVE-2021-34501 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34518.

6.8
2021-07-14 CVE-2021-34503 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019

Microsoft Windows Media Foundation Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34439, CVE-2021-34441.

6.8
2021-07-14 CVE-2021-34504 Microsoft Unspecified vulnerability in Microsoft products

Windows Address Book Remote Code Execution Vulnerability

6.8
2021-07-14 CVE-2021-34518 Microsoft Unspecified vulnerability in Microsoft Excel and Office web Apps Server

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34501.

6.8
2021-07-14 CVE-2021-34521 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Raw Image Extension Remote Code Execution Vulnerability

6.8
2021-07-14 CVE-2021-34528 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34529.

6.8
2021-07-14 CVE-2021-34529 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34528.

6.8
2021-07-14 CVE-2020-25445 Bookingcore Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection.

6.8
2021-07-14 CVE-2021-20781 Pluginus Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8
2021-07-14 CVE-2021-20782 Tipsandtricks HQ Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8
2021-07-13 CVE-2021-21994 Vmware Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.

6.8
2021-07-13 CVE-2021-34291 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34292 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34293 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34294 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34295 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34296 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34297 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34298 Siemens Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34300 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34301 Siemens Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34305 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34306 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34309 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34310 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34311 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34312 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34313 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34314 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34315 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34316 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34317 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34318 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34319 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34323 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34324 Siemens Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34326 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34327 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34328 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34329 Siemens Heap-based Buffer Overflow vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34330 Siemens Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-13 CVE-2021-34331 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

6.8
2021-07-12 CVE-2020-4938 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2021-07-12 CVE-2020-7872 Hmtalk Integer Overflow or Wraparound vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7

DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy.

6.8
2021-07-12 CVE-2021-32679 Nextcloud
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

Nextcloud Server is a Nextcloud package that handles data storage.

6.8
2021-07-16 CVE-2021-34467 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34468, CVE-2021-34520.

6.5
2021-07-16 CVE-2021-28053 Centreon SQL Injection vulnerability in Centreon 20.10.0

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.

6.5
2021-07-16 CVE-2021-21819 Dlink Unspecified vulnerability in Dlink Dir-3040 Firmware 1.13B03

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03.

6.5
2021-07-15 CVE-2021-20533 IBM Unspecified vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

6.5
2021-07-15 CVE-2021-32743 Icinga
Debian
Exposure of Sensitive Data Through Data Queries vulnerability in multiple products

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.

6.5
2021-07-15 CVE-2021-32739 Icinga
Debian
Privilege Defined With Unsafe Actions vulnerability in multiple products

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.

6.5
2021-07-15 CVE-2021-25318 Rancher Incorrect Permission Assignment for Critical Resource vulnerability in Rancher

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to.

6.5
2021-07-15 CVE-2021-31999 Rancher Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers.

6.5
2021-07-14 CVE-2021-31196 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31206, CVE-2021-34473.

6.5
2021-07-14 CVE-2021-33746 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.

6.5
2021-07-14 CVE-2021-33780 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525.

6.5
2021-07-14 CVE-2021-33786 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows LSA Security Feature Bypass Vulnerability

6.5
2021-07-14 CVE-2021-34474 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2020/2021

Dynamics Business Central Remote Code Execution Vulnerability

6.5
2021-07-14 CVE-2021-34494 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525.

6.5
2021-07-14 CVE-2021-34508 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34458.

6.5
2021-07-14 CVE-2021-34520 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468.

6.5
2021-07-14 CVE-2021-34525 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494.

6.5
2021-07-14 CVE-2021-33671 SAP Missing Authorization vulnerability in SAP Netweaver Guided Procedures

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.5
2021-07-14 CVE-2021-33676 SAP Missing Authorization vulnerability in SAP Customer Relationship Management

A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.

6.5
2021-07-13 CVE-2021-20423 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions.

6.5
2021-07-13 CVE-2021-36121 Echobh Unrestricted Upload of File with Dangerous Type vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

6.5
2021-07-13 CVE-2021-36122 Echobh Argument Injection or Modification vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

6.5
2021-07-12 CVE-2020-19907 Mitre OS Command Injection vulnerability in Mitre Caldera

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

6.5
2021-07-12 CVE-2021-29792 IBM Improper Privilege Management vulnerability in IBM Event Streams

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user.

6.5
2021-07-12 CVE-2021-24015 Fortinet OS Command Injection vulnerability in Fortinet Fortimail

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

6.5
2021-07-12 CVE-2020-21131 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.

6.5
2021-07-16 CVE-2019-3752 Dell XXE vulnerability in Dell products

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.

6.4
2021-07-15 CVE-2021-0291 Juniper Information Exposure vulnerability in Juniper Junos 15.1

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource.

6.4
2021-07-14 CVE-2021-36740 Varnish Cache
Fedoraproject
HTTP Request Smuggling vulnerability in multiple products

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.

6.4
2021-07-14 CVE-2021-22779 Schneider Electric Authentication Bypass by Spoofing vulnerability in Schneider-Electric products

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

6.4
2021-07-12 CVE-2020-19038 Halo Missing Authorization vulnerability in Halo 0.4.3

File Deletion vulnerability in Halo 0.4.3 via delBackup.

6.4
2021-07-15 CVE-2021-29699 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user.

6.0
2021-07-14 CVE-2021-33754 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.

6.0
2021-07-12 CVE-2021-24441 Fetchdesigns Improper Neutralization of Formula Elements in a CSV File vulnerability in Fetchdesigns Sign-Up Sheets

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

6.0
2021-07-16 CVE-2021-3647 URI JS Project Open Redirect vulnerability in Uri.Js Project Uri.Js

URI.js is vulnerable to URL Redirection to Untrusted Site

5.8
2021-07-15 CVE-2021-0277 Juniper Out-of-bounds Read vulnerability in Juniper Junos 12.3/15.1

An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE).

5.8
2021-07-14 CVE-2021-34469 Microsoft Incorrect Authorization vulnerability in Microsoft 365 Apps and Office

Microsoft Office Security Feature Bypass Vulnerability

5.8
2021-07-14 CVE-2021-34492 Microsoft Unspecified vulnerability in Microsoft products

Windows Certificate Spoofing Vulnerability

5.8
2021-07-14 CVE-2021-20784 Voidtools Unspecified vulnerability in Voidtools Everything

HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors.

5.8
2021-07-13 CVE-2021-31892 Siemens Improper Certificate Validation vulnerability in Siemens products

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions).

5.8
2021-07-12 CVE-2021-30640 Apache
Oracle
Debian
Improper Authentication vulnerability in multiple products

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.

5.8
2021-07-12 CVE-2021-26088 Fortinet Improper Authentication vulnerability in Fortinet Single Sign-On

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.

5.8
2021-07-12 CVE-2021-35037 Jamf Open Redirect vulnerability in Jamf

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises.

5.8
2021-07-12 CVE-2021-3547 Openvpn Improper Authentication vulnerability in Openvpn 3.6/3.6.1

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

5.8
2021-07-15 CVE-2021-0287 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved

In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS).

5.7
2021-07-16 CVE-2021-36758 1Password Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1

1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation.

5.5
2021-07-15 CVE-2021-0279 Juniper Use of Hard-coded Credentials vulnerability in Juniper Contrail Cloud

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials.

5.5
2021-07-15 CVE-2021-29749 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM products

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF).

5.5
2021-07-14 CVE-2021-33779 Microsoft Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019

Windows ADFS Security Feature Bypass Vulnerability

5.5
2021-07-14 CVE-2021-33781 Microsoft Unspecified vulnerability in Microsoft products

Azure AD Security Feature Bypass Vulnerability

5.5
2021-07-13 CVE-2021-20593 Mitsubishi Improper Authentication vulnerability in Mitsubishi products

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver.

5.5
2021-07-14 CVE-2021-34468 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34520.

5.4
2021-07-15 CVE-2021-29742 IBM Unspecified vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system.

5.2
2021-07-14 CVE-2021-33768 Microsoft Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34470, CVE-2021-34523.

5.2
2021-07-14 CVE-2021-34470 Microsoft Improper Privilege Management vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523.

5.2
2021-07-18 CVE-2021-36773 Sciruby
Ublockorigin
Umatrix Project
Uncontrolled Recursion vulnerability in multiple products

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

5.0
2021-07-17 CVE-2021-32574 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name.

5.0
2021-07-17 CVE-2021-36213 Hashicorp Unspecified vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic.

5.0
2021-07-17 CVE-2021-36769 Telegram Inadequate Encryption Strength vulnerability in Telegram

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8.

5.0
2021-07-16 CVE-2021-34442 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33745, CVE-2021-34444, CVE-2021-34499.

5.0
2021-07-16 CVE-2021-34451 Microsoft Unspecified vulnerability in Microsoft Office Online Server

Microsoft Office Online Server Spoofing Vulnerability

5.0
2021-07-16 CVE-2021-32769 Objectcomputing Path Traversal vulnerability in Objectcomputing Micronaut

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications.

5.0
2021-07-16 CVE-2021-35962 Secom Path Traversal vulnerability in Secom Door Access Control and Personnel Attendance System

Specific page parameters in Dr.

5.0
2021-07-16 CVE-2021-3649 Chatwoot Incorrect Comparison vulnerability in Chatwoot

chatwoot is vulnerable to Inefficient Regular Expression Complexity

5.0
2021-07-16 CVE-2021-21817 Dlink Unspecified vulnerability in Dlink Dir-3040 Firmware 1.13B03

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

5.0
2021-07-16 CVE-2021-21818 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

5.0
2021-07-15 CVE-2021-0280 Juniper Improper Initialization vulnerability in Juniper Junos

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE).

5.0
2021-07-15 CVE-2021-0285 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos 15.1/17.3

An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss.

5.0
2021-07-15 CVE-2021-0294 Juniper Unspecified vulnerability in Juniper Junos 18.4

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configured, can lead to the enhanced storm control filter group not be installed.

5.0
2021-07-15 CVE-2021-32770 Gatsbyjs Insufficiently Protected Credentials vulnerability in Gatsbyjs Gatsby-Source-Wordpress

Gatsby is a framework for building websites.

5.0
2021-07-15 CVE-2021-20497 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-07-15 CVE-2021-20498 IBM Information Exposure vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system.

5.0
2021-07-15 CVE-2021-34429 Eclipse
Apache
Netapp
Incorrect Authorization vulnerability in multiple products

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.

5.0
2021-07-15 CVE-2020-12733 Depstech Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware

Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account.

5.0
2021-07-15 CVE-2021-20439 IBM Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

5.0
2021-07-15 CVE-2021-29725 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM products

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

5.0
2021-07-15 CVE-2020-12731 Magicsmotion Cleartext Storage of Sensitive Information vulnerability in Magicsmotion Flamingo 2 Firmware

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.

5.0
2021-07-15 CVE-2021-34691 Idrive Unspecified vulnerability in Idrive Remotepc

iDrive RemotePC before 4.0.1 on Linux allows denial of service.

5.0
2021-07-14 CVE-2021-31183 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33772, CVE-2021-34490.

5.0
2021-07-14 CVE-2021-33755 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33758.

5.0
2021-07-14 CVE-2021-33766 Microsoft Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Information Disclosure Vulnerability

5.0
2021-07-14 CVE-2021-33772 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-31183, CVE-2021-34490.

5.0
2021-07-14 CVE-2021-33785 Microsoft Unspecified vulnerability in Microsoft products

Windows AF_UNIX Socket Provider Denial of Service Vulnerability

5.0
2021-07-14 CVE-2021-33788 Microsoft Unspecified vulnerability in Microsoft products

Windows LSA Denial of Service Vulnerability

5.0
2021-07-14 CVE-2021-34476 Microsoft Unspecified vulnerability in Microsoft products

Bowser.sys Denial of Service Vulnerability

5.0
2021-07-14 CVE-2021-34490 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-31183, CVE-2021-33772.

5.0
2021-07-14 CVE-2021-34517 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Spoofing Vulnerability

5.0
2021-07-14 CVE-2020-29147 Wayang CMS Project SQL Injection vulnerability in Wayang-Cms Project Wayang-Cms 1.0

A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.

5.0
2021-07-14 CVE-2021-23407 Elfinder NET Core Project Path Traversal vulnerability in Elfinder.Net.Core Project Elfinder.Net.Core

This affects the package elFinder.Net.Core from 0 and before 1.2.4.

5.0
2021-07-14 CVE-2021-36716 Segment Improper Input Validation vulnerability in Segment Is-Email

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js.

5.0
2021-07-14 CVE-2021-35527 ABB Insufficiently Protected Credentials vulnerability in ABB Esoms

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.

5.0
2021-07-14 CVE-2021-33670 SAP Unspecified vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

5.0
2021-07-14 CVE-2021-33677 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP Netweaver Abap and Netweaver AS Abap

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

5.0
2021-07-14 CVE-2021-33684 SAP Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver AS Abap

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability.

5.0
2021-07-14 CVE-2021-20748 Retty Use of Hard-coded Credentials vulnerability in Retty

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service.

5.0
2021-07-13 CVE-2021-21995 Vmware Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.

5.0
2021-07-13 CVE-2021-20360 IBM Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-07-13 CVE-2021-20422 IBM Information Exposure vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory.

5.0
2021-07-13 CVE-2020-22876 Quickjs Project Classic Buffer Overflow vulnerability in Quickjs Project Quickjs

Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service.

5.0
2021-07-13 CVE-2020-22882 Moddable Type Confusion vulnerability in Moddable Os180328/Os180329

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload.

5.0
2021-07-13 CVE-2020-22885 Artifex Classic Buffer Overflow vulnerability in Artifex Mujs

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.

5.0
2021-07-13 CVE-2020-22886 Artifex Classic Buffer Overflow vulnerability in Artifex Mujs

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.

5.0
2021-07-13 CVE-2020-22907 Jsish Out-of-bounds Write vulnerability in Jsish

Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.

5.0
2021-07-13 CVE-2021-31810 Ruby Lang
Debian
Exposure of Resource to Wrong Sphere vulnerability in multiple products

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.

5.0
2021-07-13 CVE-2020-28400 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens products

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl.

5.0
2021-07-13 CVE-2021-33711 Siemens Information Exposure Through an Error Message vulnerability in Siemens Teamcenter Active Workspace

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

5.0
2021-07-13 CVE-2021-35515 Apache
Netapp
Oracle
Excessive Iteration vulnerability in multiple products

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.

5.0
2021-07-13 CVE-2021-35516 Apache
Netapp
Oracle
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.

5.0
2021-07-13 CVE-2021-35517 Apache
Netapp
Oracle
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.

5.0
2021-07-13 CVE-2021-36090 Apache
Oracle
Netapp
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
5.0
2021-07-13 CVE-2021-1887 Qualcomm Reachable Assertion vulnerability in Qualcomm products

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1907 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

5.0
2021-07-13 CVE-2021-1938 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1943 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1945 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1953 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1954 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1955 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2021-07-13 CVE-2021-1964 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

5.0
2021-07-13 CVE-2021-1970 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

5.0
2021-07-12 CVE-2021-32734 Nextcloud Information Exposure Through an Error Message vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2021-32741 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2021-32727 Nextcloud Improper Certificate Validation vulnerability in Nextcloud

Nextcloud Android Client is the Android client for Nextcloud.

5.0
2021-07-12 CVE-2021-32725 Nextcloud Incorrect Default Permissions vulnerability in Nextcloud Server

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2020-19037 Halo Improper Authentication vulnerability in Halo 0.4.3

Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.

5.0
2021-07-12 CVE-2020-23079 Halo Server-Side Request Forgery (SSRF) vulnerability in Halo

SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.

5.0
2021-07-12 CVE-2021-29794 IBM Inadequate Encryption Strength vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-07-12 CVE-2021-32703 Nextcloud
Fedoraproject
Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2021-32705 Nextcloud
Fedoraproject
Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2021-36381 Edifecs Injection vulnerability in Edifecs Transaction Management 20210712

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.

5.0
2021-07-12 CVE-2021-30639 Apache
Mcafee
Improper Handling of Exceptional Conditions vulnerability in multiple products

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.

5.0
2021-07-12 CVE-2021-33037 Apache
Debian
Oracle
Mcafee
HTTP Request Smuggling vulnerability in multiple products

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.

5.0
2021-07-12 CVE-2021-33807 Gespage Path Traversal vulnerability in Gespage

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.

5.0
2021-07-12 CVE-2021-26090 Fortinet Memory Leak vulnerability in Fortinet Fortimail

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

5.0
2021-07-12 CVE-2021-32678 Nextcloud
Fedoraproject
Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products

Nextcloud Server is a Nextcloud package that handles data storage.

5.0
2021-07-12 CVE-2021-36377 Fossil SCM
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.

5.0
2021-07-12 CVE-2021-22918 Nodejs Out-of-bounds Read vulnerability in Nodejs Node.Js

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII.

5.0
2021-07-12 CVE-2021-27293 Restsharp Incorrect Comparison vulnerability in Restsharp

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes.

5.0
2021-07-15 CVE-2021-20534 IBM Open Redirect vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

4.9
2021-07-14 CVE-2021-34174 Broadcom Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware

A vulnerability exists in Broadcom BCM4352 and BCM43684 chips.

4.9
2021-07-14 CVE-2021-34491 Microsoft Unspecified vulnerability in Microsoft products

Win32k Information Disclosure Vulnerability

4.9
2021-07-14 CVE-2021-0518 Google Information Exposure vulnerability in Google Android 11.0

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there is a possible leak of location-sensitive data due to a missing permission check.

4.9
2021-07-14 CVE-2021-0588 Google Incorrect Default Permissions vulnerability in Google Android 8.1/9.0

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check.

4.9
2021-07-14 CVE-2021-0590 Google Incorrect Default Permissions vulnerability in Google Android

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check.

4.9
2021-07-14 CVE-2021-0597 Google Missing Authorization vulnerability in Google Android

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check.

4.9
2021-07-14 CVE-2021-0599 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy.

4.9
2021-07-14 CVE-2021-0601 Google Double Free vulnerability in Google Android

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free.

4.9
2021-07-14 CVE-2021-22318 Huawei NULL Pointer Dereference vulnerability in Huawei Harmonyos 2.0

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability.

4.9
2021-07-15 CVE-2020-12734 Depstech Insufficiently Protected Credentials vulnerability in Depstech Wifi Digital Microscope 3 Firmware

DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings.

4.8
2021-07-16 CVE-2021-34445 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33761, CVE-2021-33773, CVE-2021-34456.

4.6
2021-07-16 CVE-2021-34449 Microsoft Improper Privilege Management vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34516.

4.6
2021-07-16 CVE-2021-34455 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows File History Service Elevation of Privilege Vulnerability

4.6
2021-07-16 CVE-2021-34456 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33761, CVE-2021-33773, CVE-2021-34445.

4.6
2021-07-16 CVE-2021-34459 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows AppContainer Elevation Of Privilege Vulnerability

4.6
2021-07-16 CVE-2021-34460 Microsoft Improper Privilege Management vulnerability in Microsoft products

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.

4.6
2021-07-16 CVE-2021-34461 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

4.6
2021-07-16 CVE-2021-34462 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

4.6
2021-07-16 CVE-2021-34481 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

4.6
2021-07-16 CVE-2021-3452 Lenovo Unspecified vulnerability in Lenovo Bios

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

4.6
2021-07-16 CVE-2021-3550 Lenovo Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager 3.0.200.2042/3.0.400.3252/3.0.50.9162

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

4.6
2021-07-15 CVE-2021-36753 BAT Project Uncontrolled Search Path Element vulnerability in BAT Project BAT

sharkdp BAT before 0.18.2 executes less.exe from the current working directory.

4.6
2021-07-15 CVE-2021-35056 Unisys Unquoted Search Path or Element vulnerability in Unisys Stealth

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task.

4.6
2021-07-15 CVE-2020-15495 Acronis Improper Privilege Management vulnerability in Acronis True Image 2019/2020

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.

4.6
2021-07-15 CVE-2020-25736 Acronis Improper Privilege Management vulnerability in Acronis True Image 2019/2020/2021

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.

4.6
2021-07-15 CVE-2020-15496 Acronis Improper Preservation of Permissions vulnerability in Acronis True Image

Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.

4.6
2021-07-15 CVE-2021-33505 Falco Improper Privilege Management vulnerability in Falco

A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed.

4.6
2021-07-14 CVE-2021-33743 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Projected File System Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-33751 Microsoft Improper Privilege Management vulnerability in Microsoft products

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.

4.6
2021-07-14 CVE-2021-33759 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Desktop Bridge Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-33761 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33773, CVE-2021-34445, CVE-2021-34456.

4.6
2021-07-14 CVE-2021-33767 Microsoft Improper Privilege Management vulnerability in Microsoft Open Enclave Software Development KIT

Open Enclave SDK Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-33773 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33761, CVE-2021-34445, CVE-2021-34456.

4.6
2021-07-14 CVE-2021-33774 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-33784 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-34477 Microsoft Improper Privilege Management vulnerability in Microsoft products

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-34488 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Console Driver Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-34493 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Partition Management Driver Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-34510 Microsoft Improper Privilege Management vulnerability in Microsoft products

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34512, CVE-2021-34513.

4.6
2021-07-14 CVE-2021-34511 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

4.6
2021-07-14 CVE-2021-34516 Microsoft Improper Privilege Management vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34449.

4.6
2021-07-14 CVE-2019-11098 Tianocore Improper Input Validation vulnerability in Tianocore EDK II

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

4.6
2021-07-14 CVE-2021-0144 Intel Insecure Default Initialization of Resource vulnerability in Intel products

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

4.6
2021-07-14 CVE-2021-0486 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass.

4.6
2021-07-13 CVE-2021-35957 Stormshield Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

4.6
2021-07-12 CVE-2021-21589 Dell Unspecified vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization.

4.6
2021-07-12 CVE-2021-21590 Dell Information Exposure vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability.

4.6
2021-07-12 CVE-2021-21591 Dell Information Exposure vulnerability in Dell products

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability.

4.6
2021-07-16 CVE-2021-3614 Lenovo Unspecified vulnerability in Lenovo products

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

4.4
2021-07-14 CVE-2021-0441 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI.

4.4
2021-07-14 CVE-2021-0603 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack.

4.4
2021-07-13 CVE-2021-36376 Delta Project Uncontrolled Search Path Element vulnerability in Delta Project Delta

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.

4.4
2021-07-12 CVE-2021-22921 Nodejs Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.

4.4
2021-07-17 CVE-2021-36771 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.

4.3
2021-07-17 CVE-2021-36772 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus

Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.

4.3
2021-07-16 CVE-2020-4675 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6

IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2021-07-16 CVE-2021-21799 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

4.3
2021-07-16 CVE-2021-21800 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).

4.3
2021-07-16 CVE-2021-21801 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

4.3
2021-07-16 CVE-2021-21802 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

4.3
2021-07-16 CVE-2021-21803 Advantech Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.

4.3
2021-07-16 CVE-2021-21816 D Link Insecure Storage of Sensitive Information vulnerability in D-Link Dir-3040 Firmware 1.13B03

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03.

4.3
2021-07-16 CVE-2021-36755 CGM Remote Monitor Project Cross-site Scripting vulnerability in Cgm-Remote-Monitor Project Cgm-Remote-Monitor 14.2.2

Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header.

4.3
2021-07-15 CVE-2020-23705 Ffjpeg Project Classic Buffer Overflow vulnerability in Ffjpeg Project Ffjpeg

A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

4.3
2021-07-15 CVE-2020-23706 OK File Formats Project Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

4.3
2021-07-15 CVE-2020-23707 OK File Formats Project Out-of-bounds Write vulnerability in Ok-File-Formats Project Ok-File-Formats

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

4.3
2021-07-15 CVE-2021-0281 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition.

4.3
2021-07-15 CVE-2021-27845 Jasper Project Divide By Zero vulnerability in Jasper Project Jasper

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c

4.3
2021-07-15 CVE-2021-27847 Libvips Project Divide By Zero vulnerability in Libvips Project Libvips 8.10.5

Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.

4.3
2021-07-15 CVE-2020-36420 Polipo Project Reachable Assertion vulnerability in Polipo Project Polipo

** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header.

4.3
2021-07-14 CVE-2020-18151 Thinkcmf Cross-Site Request Forgery (CSRF) vulnerability in Thinkcmf 5.1.0

Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

4.3
2021-07-14 CVE-2020-18145 Baidu Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3

Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.

4.3
2021-07-14 CVE-2021-33753 Microsoft Unspecified vulnerability in Microsoft Bing

Microsoft Bing Search Spoofing Vulnerability

4.3
2021-07-14 CVE-2021-33764 Microsoft Unspecified vulnerability in Microsoft products

Windows Key Distribution Center Information Disclosure Vulnerability

4.3
2021-07-14 CVE-2021-33782 Microsoft Unspecified vulnerability in Microsoft products

Windows Authenticode Spoofing Vulnerability

4.3
2021-07-14 CVE-2021-34479 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Microsoft Visual Studio Spoofing Vulnerability

4.3
2021-07-14 CVE-2021-34507 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Assistance Information Disclosure Vulnerability

4.3
2021-07-14 CVE-2020-29146 Wayang CMS Project Cross-site Scripting vulnerability in Wayang-Cms Project Wayang-Cms 1.0

A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header.

4.3
2021-07-14 CVE-2020-27379 Bookingcore Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0

Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 .

4.3
2021-07-14 CVE-2021-0654 Google Incorrect Default Permissions vulnerability in Google Android

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check.

4.3
2021-07-14 CVE-2021-33680 SAP Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

4.3
2021-07-14 CVE-2021-33681 SAP Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

4.3
2021-07-14 CVE-2021-36373 Apache
Oracle
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
4.3
2021-07-14 CVE-2021-36374 Apache
Oracle
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
4.3
2021-07-14 CVE-2021-20747 Retty Missing Authorization vulnerability in Retty

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

4.3
2021-07-13 CVE-2020-19715 Exiv2 Integer Overflow or Wraparound vulnerability in Exiv2 0.27.1

An integer overflow vulnerability in the getUShort function of Exiv2 0.27.1 results in segmentation faults within the application, leading to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19716 Exiv2 Classic Buffer Overflow vulnerability in Exiv2 0.27.1

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19717 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19718 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19719 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19720 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19721 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1628

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).

4.3
2021-07-13 CVE-2020-19722 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).

4.3
2021-07-13 CVE-2021-36214 Linecorp Cross-site Scripting vulnerability in Linecorp Line

LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.

4.3
2021-07-13 CVE-2021-20369 IBM Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

4.3
2021-07-13 CVE-2021-31225 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.

4.3
2021-07-13 CVE-2020-26153 Eventespresso Cross-site Scripting vulnerability in Eventespresso Event Espresso

A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2021-07-13 CVE-2021-33710 Siemens Cross-site Scripting vulnerability in Siemens Teamcenter Active Workspace

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

4.3
2021-07-13 CVE-2021-34299 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34302 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34303 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34304 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34307 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34308 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34320 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34321 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34322 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34325 Siemens Buffer Over-read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34332 Siemens Infinite Loop vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-13 CVE-2021-34333 Siemens Double Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2).

4.3
2021-07-12 CVE-2021-32733 Nextcloud Cross-site Scripting vulnerability in Nextcloud Server

Nextcloud Text is a collaborative document editing application that uses Markdown.

4.3
2021-07-12 CVE-2021-24409 Plugin Planet Cross-site Scripting vulnerability in Plugin-Planet Prismatic

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

4.3
2021-07-12 CVE-2021-24429 Salonbookingsystem Cross-site Scripting vulnerability in Salonbookingsystem Salon Booking System

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability.

4.3
2021-07-12 CVE-2021-24434 Codeblab Cross-site Scripting vulnerability in Codeblab Glass

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue.

4.3
2021-07-12 CVE-2021-24454 YOP Poll Cross-site Scripting vulnerability in Yop-Poll YOP Poll

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page.

4.3
2021-07-12 CVE-2020-19203 Pfsense Cross-site Scripting vulnerability in Pfsense 2.4.4

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier.

4.3
2021-07-12 CVE-2020-19204 Ipfire Cross-site Scripting vulnerability in Ipfire 2.21

An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter.

4.3
2021-07-12 CVE-2021-21588 Dell Insufficient Verification of Data Authenticity vulnerability in Dell Powerflex Presentation Server 3.5

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI.

4.3
2021-07-12 CVE-2020-18979 Halo Cross-site Scripting vulnerability in Halo 0.4.3

Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.

4.3
2021-07-12 CVE-2021-36382 Devolutions Improper Certificate Validation vulnerability in Devolutions Server

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

4.3
2021-07-12 CVE-2021-22916 Brave Information Exposure vulnerability in Brave

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

4.3
2021-07-12 CVE-2021-22917 Brave Information Exposure vulnerability in Brave Browser

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

4.3
2021-07-16 CVE-2021-34444 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33745, CVE-2021-34442, CVE-2021-34499.

4.0
2021-07-15 CVE-2021-20496 IBM Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation.

4.0
2021-07-15 CVE-2021-20499 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0
2021-07-15 CVE-2021-20523 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0
2021-07-15 CVE-2021-20537 IBM Use of Hard-coded Credentials vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

4.0
2021-07-15 CVE-2021-25320 Rancher Improper Access Control vulnerability in Rancher

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID.

4.0
2021-07-14 CVE-2021-22867 Github Path Traversal vulnerability in Github Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site.

4.0
2021-07-14 CVE-2021-33745 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-34442, CVE-2021-34444, CVE-2021-34499.

4.0
2021-07-14 CVE-2021-33758 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33755.

4.0
2021-07-14 CVE-2021-33783 Microsoft Unspecified vulnerability in Microsoft products

Windows SMB Information Disclosure Vulnerability

4.0
2021-07-14 CVE-2021-34499 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33745, CVE-2021-34442, CVE-2021-34444.

4.0
2021-07-14 CVE-2021-34500 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Memory Information Disclosure Vulnerability

4.0
2021-07-14 CVE-2020-20231 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process.

4.0
2021-07-14 CVE-2021-24117 SGX Tstd Project Information Exposure Through Discrepancy vulnerability in SGX Tstd Project SGX Tstd 1.1.3

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.0
2021-07-14 CVE-2021-33211 Element IT Path Traversal vulnerability in Element-It Http Commander 5.3.3

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.

4.0
2021-07-14 CVE-2021-33213 Element IT Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.

4.0
2021-07-14 CVE-2021-24116 Wolfssl Information Exposure Through Discrepancy vulnerability in Wolfssl

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.0
2021-07-14 CVE-2021-24119 ARM
Fedoraproject
Debian
Information Exposure Through Discrepancy vulnerability in multiple products

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

4.0
2021-07-14 CVE-2021-33667 SAP Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

4.0
2021-07-14 CVE-2021-33683 SAP HTTP Request Smuggling vulnerability in SAP web Dispatcher and Internet Communication Manager

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.

4.0
2021-07-14 CVE-2021-33687 SAP Unspecified vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

4.0
2021-07-14 CVE-2021-33689 SAP Unspecified vulnerability in SAP Netweaver Application Server Java 7.50

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created.

4.0
2021-07-13 CVE-2021-32755 Wire Improper Certificate Validation vulnerability in Wire

Wire is a collaboration platform.

4.0
2021-07-13 CVE-2020-20252 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process.

4.0
2021-07-13 CVE-2021-20424 IBM Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0
2021-07-13 CVE-2021-36123 Echobh Unspecified vulnerability in Echobh Sharecare 8.15.5

An issue was discovered in Echo ShareCare 8.15.5.

4.0
2021-07-13 CVE-2020-20250 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process.

4.0
2021-07-13 CVE-2021-33709 Siemens Information Exposure vulnerability in Siemens Teamcenter Active Workspace

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4).

4.0
2021-07-12 CVE-2021-32747 Icinga Information Exposure vulnerability in Icinga

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface.

4.0
2021-07-12 CVE-2021-32689 Nextcloud Information Exposure vulnerability in Nextcloud Talk

Nextcloud Talk is a fully on-premises audio/video and chat communication service.

4.0
2021-07-12 CVE-2021-32707 Nextcloud Information Exposure vulnerability in Nextcloud Mail

Nextcloud Mail is a mail app for Nextcloud.

4.0
2021-07-12 CVE-2021-20414 IBM Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions.

4.0
2021-07-12 CVE-2021-24013 Fortinet Path Traversal vulnerability in Fortinet Fortimail

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

4.0
2021-07-12 CVE-2021-36383 XEN Orchestra Incorrect Authorization vulnerability in Xen-Orchestra Xo-Server and Xo-Web

Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin.

4.0
2021-07-12 CVE-2021-30129 Apache Missing Release of Resource after Effective Lifetime vulnerability in Apache Sshd

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.

4.0
2021-07-12 CVE-2021-22515 Microfocus Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

4.0
2021-07-12 CVE-2021-26099 Fortinet Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortimail

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.

4.0

87 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-07-16 CVE-2021-34466 Microsoft Incorrect Authorization vulnerability in Microsoft Windows 10

Windows Hello Security Feature Bypass Vulnerability

3.6
2021-07-14 CVE-2021-31961 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows InstallService Elevation of Privilege Vulnerability

3.6
2021-07-14 CVE-2021-22778 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

3.6
2021-07-14 CVE-2021-22780 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources.

3.6
2021-07-16 CVE-2021-28054 Centreon Cross-site Scripting vulnerability in Centreon 20.10.0

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.

3.5
2021-07-16 CVE-2021-28114 Froala Cross-site Scripting vulnerability in Froala What YOU SEE IS What YOU GET Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.

3.5
2021-07-15 CVE-2021-32764 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open-source discussion platform.

3.5
2021-07-15 CVE-2021-20524 IBM Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting.

3.5
2021-07-15 CVE-2021-32750 Muwire Project Information Exposure vulnerability in Muwire Project Muwire

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology.

3.5
2021-07-15 CVE-2021-3043 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.

3.5
2021-07-14 CVE-2020-25444 Bookingcore Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0

Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.

3.5
2021-07-14 CVE-2021-33212 Element IT Cross-site Scripting vulnerability in Element-It Http Commander 5.3.3

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.

3.5
2021-07-14 CVE-2021-33682 SAP Cross-site Scripting vulnerability in SAP Lumira Server 2.4

SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

3.5
2021-07-13 CVE-2021-20361 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20362 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20363 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20364 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20365 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications 4.3

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20366 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-20368 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Applications

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting.

3.5
2021-07-13 CVE-2021-33718 Siemens Incorrect Authorization vulnerability in Siemens Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0).

3.5
2021-07-12 CVE-2021-32746 Icinga Path Traversal vulnerability in Icinga

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface.

3.5
2021-07-12 CVE-2021-32754 Flowdroid Project XXE vulnerability in Flowdroid Project Flowdroid

FlowDroid is a data flow analysis tool.

3.5
2021-07-12 CVE-2021-24365 Admincolumns Cross-site Scripting vulnerability in Admincolumns Admin Columns

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables.

3.5
2021-07-12 CVE-2021-24408 Plugin Planet Cross-site Scripting vulnerability in Plugin-Planet Prismatic

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them.

3.5
2021-07-12 CVE-2021-24418 Smooth Scroll Page UP Down Buttons Project Cross-site Scripting vulnerability in Smooth Scroll Page Up/Down Buttons Project Smooth Scroll Page Up/Down Buttons

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog

3.5
2021-07-12 CVE-2021-24419 WP Youtube Lyte Project Cross-site Scripting vulnerability in WP Youtube Lyte Project WP Youtube Lyte

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.

3.5
2021-07-12 CVE-2021-24420 Emarketdesign Cross-site Scripting vulnerability in Emarketdesign Request a Quote

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.

3.5
2021-07-12 CVE-2021-24421 Eyecix Cross-site Scripting vulnerability in Eyecix Jobsearch WP JOB Board

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue

3.5
2021-07-12 CVE-2021-24424 Webfactoryltd Cross-site Scripting vulnerability in Webfactoryltd WP Reset

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

3.5
2021-07-12 CVE-2021-24426 WEB Dorado Cross-site Scripting vulnerability in Web-Dorado Backup-Wd

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue

3.5
2021-07-12 CVE-2021-24427 Boldgrid Cross-site Scripting vulnerability in Boldgrid W3 Total Cache

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue

3.5
2021-07-12 CVE-2021-24439 Prothemedesign Cross-site Scripting vulnerability in Prothemedesign Browser Screenshots

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.

3.5
2021-07-12 CVE-2021-24440 Fetchdesigns Cross-site Scripting vulnerability in Fetchdesigns Sign-Up Sheets

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue.

3.5
2021-07-12 CVE-2020-18982 Halo Cross-site Scripting vulnerability in Halo 0.4.3

Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.

3.5
2021-07-12 CVE-2020-19201 Netgate Cross-site Scripting vulnerability in Netgate Pfsense

A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier.

3.5
2021-07-12 CVE-2021-29803 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

3.5
2021-07-12 CVE-2021-29804 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

3.5
2021-07-12 CVE-2021-29805 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.

3.5
2021-07-12 CVE-2021-29822 IBM Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus GUI 8.1.0

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting.

3.5
2021-07-16 CVE-2020-4980 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest.

3.3
2021-07-15 CVE-2021-0288 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition.

3.3
2021-07-15 CVE-2021-0290 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 16.1/17.1/17.3

Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition.

3.3
2021-07-15 CVE-2021-0292 Juniper Resource Exhaustion vulnerability in Juniper Junos OS Evolved 19.4/20.1/20.2

An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition.

3.3
2021-07-15 CVE-2020-12732 Depstech Insufficiently Protected Credentials vulnerability in Depstech Wifi Digital Microscope 3 Firmware

DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.

3.3
2021-07-13 CVE-2021-25671 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens products

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16).

3.3
2021-07-13 CVE-2021-1896 Qualcomm Unspecified vulnerability in Qualcomm products

Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity

3.3
2021-07-15 CVE-2021-0289 Juniper Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer.

2.9
2021-07-15 CVE-2021-0295 Juniper Incorrect Comparison vulnerability in Juniper Junos

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS).

2.9
2021-07-15 CVE-2020-12730 Magicsmotion Missing Encryption of Sensitive Data vulnerability in Magicsmotion Flamingo 2 Firmware

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.

2.9
2021-07-15 CVE-2021-34687 Idrive Cleartext Transmission of Sensitive Information vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

2.9
2021-07-13 CVE-2021-31221 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.

2.9
2021-07-13 CVE-2021-31222 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.

2.9
2021-07-13 CVE-2021-31223 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.

2.9
2021-07-13 CVE-2021-31224 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.

2.9
2021-07-15 CVE-2021-34558 Golang
Fedoraproject
Netapp
Improper Certificate Validation vulnerability in multiple products

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

2.6
2021-07-14 CVE-2021-34519 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Information Disclosure Vulnerability

2.3
2021-07-13 CVE-2021-31220 Stormshield Unspecified vulnerability in Stormshield Endpoint Security

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.

2.3
2021-07-16 CVE-2021-34440 Microsoft Unspecified vulnerability in Microsoft products

GDI+ Information Disclosure Vulnerability

2.1
2021-07-16 CVE-2021-34454 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34457.

2.1
2021-07-16 CVE-2021-34457 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34454.

2.1
2021-07-16 CVE-2021-3453 Lenovo Unspecified vulnerability in Lenovo products

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

2.1
2021-07-15 CVE-2021-0293 Juniper Memory Leak vulnerability in Juniper Junos

A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed.

2.1
2021-07-15 CVE-2021-20500 IBM Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user.

2.1
2021-07-15 CVE-2021-20510 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user.

2.1
2021-07-15 CVE-2021-21587 Dell Information Exposure vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability.

2.1
2021-07-15 CVE-2020-12729 Magicsmotion Information Exposure vulnerability in Magicsmotion Flamingo 2 Firmware

MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.

2.1
2021-07-15 CVE-2021-34688 Idrive Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

2.1
2021-07-15 CVE-2021-34689 Idrive Information Exposure Through Log Files vulnerability in Idrive Remotepc

iDrive RemotePC before 7.6.48 on Windows allows information disclosure.

2.1
2021-07-14 CVE-2021-33760 Microsoft Unspecified vulnerability in Microsoft products

Media Foundation Information Disclosure Vulnerability

2.1
2021-07-14 CVE-2021-33763 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-34454, CVE-2021-34457.

2.1
2021-07-14 CVE-2021-33765 Microsoft Unspecified vulnerability in Microsoft products

Windows Installer Spoofing Vulnerability

2.1
2021-07-14 CVE-2021-34496 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI Information Disclosure Vulnerability

2.1
2021-07-14 CVE-2021-34509 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Controller Information Disclosure Vulnerability

2.1
2021-07-14 CVE-2021-22781 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric products

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.

2.1
2021-07-14 CVE-2021-22782 Schneider Electric Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.

2.1
2021-07-13 CVE-2021-22399 Huawei Unspecified vulnerability in Huawei P30 Firmware

The Bluetooth function of some Huawei smartphones has a DoS vulnerability.

2.1
2021-07-13 CVE-2021-22440 Huawei Path Traversal vulnerability in Huawei products

There is a path traversal vulnerability in some Huawei products.

2.1
2021-07-13 CVE-2021-33713 Siemens Function Call With Incorrect Variable or Reference as Argument vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

2.1
2021-07-13 CVE-2021-33714 Siemens NULL Pointer Dereference vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

2.1
2021-07-13 CVE-2021-33715 Siemens NULL Pointer Dereference vulnerability in Siemens JT Utilities

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0).

2.1
2021-07-13 CVE-2021-1897 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

2.1
2021-07-13 CVE-2021-1898 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

2.1
2021-07-13 CVE-2021-1899 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

2.1
2021-07-13 CVE-2021-1901 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

2.1
2021-07-12 CVE-2021-32680 Nextcloud
Fedoraproject
Nextcloud Server is a Nextcloud package that handles data storage.
2.1
2021-07-14 CVE-2021-0604 Google Unspecified vulnerability in Google Android

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy.

1.9