Total: 1727 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2021-08-04 | 2.1 LOW | 4.4 MEDIUM |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||
| CVE-2021-34802 | 1 Neo4j | 1 Graph Database | 2021-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. | |||||
| CVE-2021-33505 | 1 Falco | 1 Falco | 2021-07-28 | 4.6 MEDIUM | 7.8 HIGH |
| A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. | |||||
| CVE-2021-1051 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2021-07-23 | 6.6 MEDIUM | 8.4 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display. | |||||
| CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | |||||
| CVE-2020-11464 | 1 Deskpro | 1 Deskpro | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc. | |||||
| CVE-2020-1412 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | |||||
| CVE-2020-14976 | 1 Gns3 | 2 Gns3, Ubridge | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context. | |||||
| CVE-2020-26596 | 2 Elementor, Wordpress | 2 Elementor Pro, Wordpress | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. | |||||
| CVE-2020-16262 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | |||||
| CVE-2020-12860 | 1 Health | 1 Covidsafe | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. | |||||
| CVE-2020-14194 | 1 Zulip | 1 Zulip Server | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Zulip Server before 2.1.5 allows reverse tabnabbing via a topic header link. | |||||
| CVE-2020-25106 | 1 Supremocontrol | 1 Supremo | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | |||||
| CVE-2020-12074 | 1 Webtoffee | 1 Import Export Wordpress Users | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | |||||
| CVE-2020-14215 | 1 Zulip | 1 Zulip Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | |||||
| CVE-2020-7908 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | |||||
| CVE-2020-13638 | 1 Rconfig | 1 Rconfig | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | |||||
| CVE-2020-9141 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an improper privilege management vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. | |||||
| CVE-2020-15826 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | |||||
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m/agent | 2021-07-21 | 8.5 HIGH | 8.8 HIGH |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | |||||
