Total: 28993 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-35243 | 1 Solarwinds | 1 Web Help Desk | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
CVE-2021-26107 | 1 Fortinet | 1 Fortimanager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
CVE-2021-1957 | 1 Qualcomm | 92 Apq8017, Apq8017 Firmware, Qca6174a and 89 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM | Improper access control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music.
CVE-2021-34864 | 1 Parallels | 1 Parallels Desktop | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543.
CVE-2021-24537 | 1 Shareaholic | 1 Similar Posts | 2024-02-28 | 6.0 MEDIUM | 7.2 HIGH | The Similar Posts WordPress plugin through 3.1.5 allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.
CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2024-02-28 | 3.5 LOW | 3.5 LOW | Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors, which can be exploited to get nefarious code past a code review by appearing benign. An attacker could embed source that is invisible to a code reviewer and that modifies the behavior of a program in unexpected ways.
CVE-2021-39892 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
CVE-2021-1043 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM | In TBD of TBD, there is a possible downgrade attack due to under-utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194697257. References: N/A.
CVE-2021-37091 | 1 Huawei | 1 Harmonyos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality being affected.
CVE-2021-36311 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it.
CVE-2021-0110 | 1 Intel | 30 Core I3-10100y, Core I3-10110u, Core I3-10110y and 27 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM | Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2022-0172 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL, allowing unauthorised users to read titles of issues, merge requests and milestones.
CVE-2021-31370 | 1 Juniper | 15 Ex4600, Ex4600-vc, Ex4650 and 12 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM | An Incomplete List of Disallowed Inputs vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker who sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.
CVE-2021-41617 | 5 Fedoraproject, Netapp, Openbsd and 2 more | 14 Fedora, Active Iq Unified Manager, Aff 500f and 11 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
CVE-2021-38178 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 enables a malicious user to transfer ABAP code artifacts or content, bypassing the established quality gates. Through this vulnerability malicious code can reach quality and production systems, and can compromise the confidentiality, integrity, and availability of the system and its data.
CVE-2021-21689 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
CVE-2021-1932 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2024-02-28 | 7.2 HIGH | 8.4 HIGH | Improper access control in the trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking.
CVE-2022-21672 | 1 Linuxfromscratch | 1 Make-ca | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM | make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates to be trusted by the system. The explicitly untrusted certificates were used by some CAs that have already been hacked. Hostile attackers may perform a MITM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten the next time make-ca is run to update the trust anchors.
CVE-2021-43946 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.
CVE-2021-44886 | 1 Zammad | 1 Zammad | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons did not have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.