| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32463 | Hig | 0.51 | 7.8 | 0.00 | Jul 20, 2021 | An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on… | ||
| CVE-2021-27021 | Hig | 0.57 | 8.8 | 0.01 | Jul 20, 2021 | A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | ||
| CVE-2021-26095 | Hig | 0.49 | 7.5 | 0.01 | Jul 20, 2021 | The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and… | ||
| CVE-2020-7866 | Hig | 0.57 | 8.8 | 0.01 | Jul 20, 2021 | When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | ||
| CVE-2021-35054 | Hig | 0.49 | 7.5 | 0.01 | Jul 20, 2021 | Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | ||
| CVE-2020-36430 | Hig | 0.44 | 7.8 | 0.01 | Jul 20, 2021 | libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | ||
| CVE-2020-36428 | Hig | 0.57 | 8.8 | 0.01 | Jul 20, 2021 | matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). | ||
| CVE-2019-25051 | Hig | 0.00 | 7.8 | 0.01 | Jul 20, 2021 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | ||
| CVE-2019-25050 | Hig | 0.00 | 7.8 | 0.00 | Jul 20, 2021 | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | ||
| CVE-2020-5321 | Hig | 0.49 | 7.6 | 0.01 | Jul 19, 2021 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this… | ||
| CVE-2020-5315 | Hig | 0.57 | 8.8 | 0.00 | Jul 19, 2021 | Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to… | ||
| CVE-2021-31590 | Hig | 0.00 | 8.8 | 0.03 | Jul 19, 2021 | PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user"… | ||
| CVE-2020-22741 | Hig | 0.49 | 7.5 | 0.01 | Jul 19, 2021 | An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | ||
| CVE-2021-34820 | Hig | 0.49 | 7.5 | 0.04 | Jul 19, 2021 | Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data.… | ||
| CVE-2021-36799 | Hig | 0.57 | 8.8 | 0.00 | Jul 19, 2021 | KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2021-34676 | Hig | 0.49 | 7.5 | 0.02 | Jul 19, 2021 | Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. | ||
| CVE-2021-34675 | Hig | 0.49 | 7.5 | 0.02 | Jul 19, 2021 | Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. | ||
| CVE-2020-36426 | Hig | 0.42 | 7.5 | 0.02 | Jul 19, 2021 | An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). | ||
| CVE-2020-36423 | Hig | 0.42 | 7.5 | 0.01 | Jul 19, 2021 | An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. | ||
| CVE-2020-22650 | Hig | 0.49 | 7.5 | 0.01 | Jul 19, 2021 | A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events. | ||
| CVE-2021-29707 | Hig | 0.51 | 7.8 | 0.00 | Jul 19, 2021 | IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. | ||
| CVE-2021-35449 | Hig | 0.54 | 7.8 | 0.01 | Jul 19, 2021 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of… | ||
| CVE-2021-20109 | Hig | 0.49 | 7.5 | 0.01 | Jul 19, 2021 | Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as… | ||
| CVE-2021-20108 | Hig | 0.49 | 7.5 | 0.03 | Jul 19, 2021 | Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be… | ||
| CVE-2021-31216 | Hig | 0.53 | 8.1 | 0.01 | Jul 19, 2021 | Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route… | ||
| CVE-2021-35964 | Hig | 0.48 | 7.3 | 0.01 | Jul 19, 2021 | The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users… | ||
| CVE-2021-24453 | Hig | 0.58 | 8.8 | 0.05 | Jul 19, 2021 | The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure | ||
| CVE-2021-36773 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2021 | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking… | ||
| CVE-2021-36213 | — | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2021 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1. | |
| CVE-2021-32574 | — | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2021 | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1. | |
| CVE-2019-3752 | Hig | 0.53 | 8.2 | 0.01 | Jul 16, 2021 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially… | ||
| CVE-2021-3550 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. | ||
| CVE-2021-34481 | Hig | 0.61 | 8.8 | 0.45 | Jul 16, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… | ||
| CVE-2021-34467 | Hig | 0.47 | 7.1 | 0.05 | Jul 16, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-34464 | Hig | 0.51 | 7.8 | 0.03 | Jul 16, 2021 | Microsoft Defender Remote Code Execution Vulnerability | ||
| CVE-2021-34462 | Hig | 0.46 | 7.0 | 0.01 | Jul 16, 2021 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | ||
| CVE-2021-34461 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-34460 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | Storage Spaces Controller Elevation of Privilege Vulnerability | ||
| CVE-2021-34459 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | Windows AppContainer Elevation Of Privilege Vulnerability | ||
| CVE-2021-34456 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ||
| CVE-2021-34455 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | Windows File History Service Elevation of Privilege Vulnerability | ||
| CVE-2021-34452 | Hig | 0.51 | 7.8 | 0.02 | Jul 16, 2021 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2021-34450 | Hig | 0.55 | 8.5 | 0.02 | Jul 16, 2021 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2021-34449 | Hig | 0.46 | 7.0 | 0.02 | Jul 16, 2021 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2021-34446 | Hig | 0.52 | 8.0 | 0.02 | Jul 16, 2021 | Windows HTML Platforms Security Feature Bypass Vulnerability | ||
| CVE-2021-34445 | Hig | 0.51 | 7.8 | 0.01 | Jul 16, 2021 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ||
| CVE-2021-34442 | Hig | 0.57 | 8.8 | 0.03 | Jul 16, 2021 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2021-34441 | Hig | 0.51 | 7.8 | 0.02 | Jul 16, 2021 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | ||
| CVE-2021-34439 | Hig | 0.51 | 7.8 | 0.03 | Jul 16, 2021 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | ||
| CVE-2021-34438 | Hig | 0.51 | 7.8 | 0.02 | Jul 16, 2021 | Windows Font Driver Host Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.00
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on…
- risk 0.57cvss 8.8epss 0.01
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
- risk 0.49cvss 7.5epss 0.01
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and…
- risk 0.57cvss 8.8epss 0.01
When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
- risk 0.49cvss 7.5epss 0.01
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.
- risk 0.44cvss 7.8epss 0.01
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
- risk 0.57cvss 8.8epss 0.01
matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).
- risk 0.00cvss 7.8epss 0.01
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
- risk 0.00cvss 7.8epss 0.00
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
- risk 0.49cvss 7.6epss 0.01
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this…
- risk 0.57cvss 8.8epss 0.00
Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to…
- risk 0.00cvss 8.8epss 0.03
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user"…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.
- risk 0.49cvss 7.5epss 0.04
Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data.…
- risk 0.57cvss 8.8epss 0.00
KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.49cvss 7.5epss 0.02
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
- risk 0.49cvss 7.5epss 0.02
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
- risk 0.49cvss 7.5epss 0.01
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
- risk 0.51cvss 7.8epss 0.00
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.
- risk 0.54cvss 7.8epss 0.01
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of…
- risk 0.49cvss 7.5epss 0.01
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as…
- risk 0.49cvss 7.5epss 0.03
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be…
- risk 0.53cvss 8.1epss 0.01
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route…
- risk 0.48cvss 7.3epss 0.01
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users…
- risk 0.58cvss 8.8epss 0.05
The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure
- risk 0.49cvss 7.5epss 0.01
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking…
- risk 0.49cvss 7.5epss 0.02
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.
- risk 0.49cvss 7.5epss 0.01
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
- risk 0.53cvss 8.2epss 0.01
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially…
- risk 0.51cvss 7.8epss 0.00
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.
- risk 0.61cvss 8.8epss 0.45
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…
- risk 0.47cvss 7.1epss 0.05
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Defender Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Storage Spaces Controller Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows AppContainer Elevation Of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows File History Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Word Remote Code Execution Vulnerability
- risk 0.55cvss 8.5epss 0.02
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.02
Win32k Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.02
Windows HTML Platforms Security Feature Bypass Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.03
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Font Driver Host Remote Code Execution Vulnerability