Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3006 | 1 Seal Finance Project | 1 Seal Finance | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021. | |||||
| CVE-2021-1929 | 1 Qualcomm | 186 Apq8096au, Apq8096au Firmware, Aqt1000 and 183 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-20617 | 1 Acmailer | 2 Acmailer, Acmailer Db | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors. | |||||
| CVE-2021-40382 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access. | |||||
| CVE-2021-1932 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2022-07-12 | 7.2 HIGH | 8.4 HIGH |
| Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-38621 | 1 Netless | 1 Flat Server | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. | |||||
| CVE-2021-42557 | 1 Jeedom | 1 Jeedom | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. | |||||
| CVE-2021-44899 | 1 Msi | 1 Center | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-21730 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | |||||
| CVE-2021-43051 | 1 Tibco | 1 Spotfire Server | 2022-07-12 | 8.5 HIGH | 6.8 MEDIUM |
| The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. | |||||
| CVE-2020-19641 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'. | |||||
| CVE-2021-37038 | 1 Huawei | 2 Emui, Magic Ui | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-42343 | 1 Anaconda | 1 Dask | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. | |||||
| CVE-2021-25755 | 1 Jetbrains | 1 Code With Me | 2022-07-12 | 1.9 LOW | 2.5 LOW |
| In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. | |||||
| CVE-2021-30816 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | |||||
| CVE-2021-1055 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2022-07-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure. | |||||
| CVE-2021-31601 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials. | |||||
| CVE-2021-27024 | 1 Puppet | 1 Continuous Delivery | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0 | |||||
| CVE-2021-30783 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 2.1 LOW | 6.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-22213 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | |||||