Total
622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | |||||
CVE-2021-42749 | 1 Fastlinemedia | 1 Beaver Themer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. | |||||
CVE-2021-42714 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2021-42713 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2021-42712 | 1 Splashtop | 1 Streamer | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | |||||
CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | |||||
CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 4.0 MEDIUM | 8.0 HIGH |
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | |||||
CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | |||||
CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2021-41065 | 1 Bopsoft | 1 Listary | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | |||||
CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | |||||
CVE-2021-40497 | 1 Sap | 1 Businessobjects Analysis | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. | |||||
CVE-2021-40496 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. | |||||
CVE-2021-39971 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. | |||||
CVE-2021-39915 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | |||||
CVE-2021-39777 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 | |||||
CVE-2021-39628 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 | |||||
CVE-2021-39212 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | |||||
CVE-2021-38931 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. |