Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0547 | 1 Google | 1 Android | 2021-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048 | |||||
| CVE-2021-0568 | 1 Google | 1 Android | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238 | |||||
| CVE-2021-0554 | 1 Google | 1 Android | 2021-06-23 | 2.1 LOW | 5.5 MEDIUM |
| In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162 | |||||
| CVE-2021-0521 | 1 Google | 1 Android | 2021-06-23 | 2.1 LOW | 5.5 MEDIUM |
| In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174661955 | |||||
| CVE-2021-33031 | 1 Labcup | 1 Labcup | 2021-06-22 | 3.5 LOW | 3.1 LOW |
| In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03. | |||||
| CVE-2021-23204 | 1 Gallagher | 1 Command Centre | 2021-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). | |||||
| CVE-2021-22896 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | |||||
| CVE-2021-32015 | 1 Nuvoton | 2 Npct75x, Npct75x Firmware | 2021-06-21 | 3.6 LOW | 6.0 MEDIUM |
| In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update. | |||||
| CVE-2020-26830 | 1 Sap | 1 Solution Manager | 2021-06-17 | 5.5 MEDIUM | 8.1 HIGH |
| SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script. | |||||
| CVE-2021-32652 | 1 Nextcloud | 1 Nextcloud Mail | 2021-06-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist. | |||||
| CVE-2021-23014 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2021-05-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | |||||
| CVE-2019-13547 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | |||||
| CVE-2021-32093 | 1 Nsa | 1 Emissary | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter. | |||||
| CVE-2021-32095 | 1 Nsa | 1 Emissary | 2021-05-12 | 5.5 MEDIUM | 8.1 HIGH |
| U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files. | |||||
| CVE-2020-18888 | 1 Puppycms | 1 Puppycms | 2021-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php. | |||||
| CVE-2021-27573 | 1 Remotemouse | 1 Emote Remote Mouse | 2021-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication. | |||||
| CVE-2021-27609 | 1 Sap | 1 Focused Run | 2021-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. | |||||
| CVE-2015-8840 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | |||||
| CVE-2021-27605 | 1 Sap | 1 Fiori Apps 2.0 For Travel Management In Sap Erp | 2021-04-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted. | |||||