Total: 29527 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0590 | 1 Google | 1 Android | 2022-07-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-175213041 | |||||
| CVE-2021-37471 | 1 Cradlepoint | 6 Ibr600, Ibr600 Firmware, Ibr600c and 3 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line. | |||||
| CVE-2021-41020 | 1 Fortinet | 1 Fortiisolator | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL. | |||||
| CVE-2021-44900 | 1 Msi | 1 App Player | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests. | |||||
| CVE-2021-32483 | 1 Cloudera | 1 Cloudera Manager | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. | |||||
| CVE-2021-37091 | 1 Huawei | 1 Harmonyos | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-0383 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-160871056 | |||||
| CVE-2021-3511 | 1 Buffalo | 48 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 45 more | 2022-07-12 | 3.3 LOW | 4.3 MEDIUM |
| Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors. | |||||
| CVE-2021-20657 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | |||||
| CVE-2021-23985 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. | |||||
| CVE-2021-38502 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. | |||||
| CVE-2021-20624 | 1 Cybozu | 1 Office | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | |||||
| CVE-2021-35465 | 1 Arm | 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more | 2022-07-12 | 3.6 LOW | 3.4 LOW |
| Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration). | |||||
| CVE-2021-34272 | 1 Robotbtc Project | 1 Robotbtc | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets. | |||||
| CVE-2021-41285 | 1 Micron | 1 Ballistix Memory Overview Display Utility | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM. | |||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 2.3 LOW | 5.2 MEDIUM |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | |||||
| CVE-2021-23244 | 1 Oppo | 1 Coloros | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| ColorOS pre-grants dangerous permissions to apps that are listed in a whitelist XML named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions. | |||||
| CVE-2021-0098 | 1 Intel | 1 Unite | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-43771 | 1 Trendmicro | 1 Antivirus | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-10966 | 2 Hestiacp, Vestacp | 2 Control Panel, Control Panel | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | |||||
