Total
28991 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38900 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. | |||||
CVE-2021-36167 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | |||||
CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
prism is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-21968 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2024-02-28 | 6.8 MEDIUM | 8.3 HIGH |
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | |||||
CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-02-28 | 3.6 LOW | 7.9 HIGH |
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. | |||||
CVE-2021-1024 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191283525 | |||||
CVE-2021-0981 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-191981182 | |||||
CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2024-02-28 | 6.8 MEDIUM | 10.0 CRITICAL |
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||||
CVE-2022-21899 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
CVE-2022-0270 | 1 Mirantis | 1 Bored-agent | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. | |||||
CVE-2021-26334 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
The AMDPowerProfiler.sys driver of AMD µProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | |||||
CVE-2021-0197 | 1 Intel | 6 Ethernet Network Controller E810-cam1, Ethernet Network Controller E810-cam1 Firmware, Ethernet Network Controller E810-cam2 and 3 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access. | |||||
CVE-2021-41564 | 1 Tad Honor Project | 1 Tad Honor | 2024-02-28 | 5.0 MEDIUM | 6.5 MEDIUM |
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. | |||||
CVE-2018-25029 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-02-28 | 4.8 MEDIUM | 8.1 HIGH |
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | |||||
CVE-2021-40110 | 1 Apache | 1 James | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking. | |||||
CVE-2021-42332 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters. | |||||
CVE-2021-1956 | 1 Qualcomm | 84 Aqt1000, Aqt1000 Firmware, Ar8035 and 81 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
CVE-2021-38696 | 1 Softvibe | 1 Saraban | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication. | |||||
CVE-2021-39233 | 1 Apache | 1 Ozone | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. |