Total: 29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-32077 | 1 Veritystream | 1 Msow Solutions | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII. |
| CVE-2021-37394 | 1 Rpcms | 1 Rpcms | 2022-07-12 | 6.0 MEDIUM | 8.8 HIGH | In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. |
| CVE-2021-3130 | 1 Opmantek | 1 Open-audit | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM | Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. |
| CVE-2021-40380 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials. |
| CVE-2021-46419 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL | An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. |
| CVE-2021-44032 | 1 Tp-link | 1 Omada Software Controller | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. |
| CVE-2021-43563 | 1 Pixxio | 1 Pixx.io | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system. |
| CVE-2021-25768 | 1 Jetbrains | 1 Youtrack | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. |
| CVE-2021-0434 | 1 Google | 1 Android | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH | In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-167403112 |
| CVE-2021-36177 | 1 Fortinet | 1 Fortiauthenticator | 2022-07-12 | 3.3 LOW | 4.3 MEDIUM | An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database. |
| CVE-2021-30503 | 1 Glsl Linting Project | 1 Glsl Linting | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL | The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. |
| CVE-2021-39976 | 1 Huawei | 2 Cloudengine 5800, Cloudengine 5800 Firmware | 2022-07-12 | 7.2 HIGH | 7.8 HIGH | There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. |
| CVE-2020-28012 | 1 Exim | 1 Exim | 2022-07-12 | 7.2 HIGH | 7.8 HIGH | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. |
| CVE-2021-38608 | 1 Tranquil | 1 Wapt | 2022-07-12 | 7.2 HIGH | 7.8 HIGH | Incorrect Access Control in Tranquil WAPT Enterprise before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. |
| CVE-2021-20841 | 1 Ec-cube | 1 Ec-cube | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM | Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. |
| CVE-2021-22334 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 3.3 LOW | 7.4 HIGH | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections. |
| CVE-2021-39903 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM | In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings. |
| CVE-2021-20625 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. |
| CVE-2020-5622 | 1 Shadan-kun | 1 Server Security Type | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly detected attack source IP addresses as blocking targets for about 10 minutes via a specially crafted request. |
| CVE-2021-0445 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH | In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9. Android ID: A-172322502 |
