Total
1466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1981 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 3.5 LOW | 2.7 LOW |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list. | |||||
| CVE-2021-29959 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-31548 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed. | |||||
| CVE-2021-42137 | 1 Zammad | 1 Zammad | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. | |||||
| CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | |||||
| CVE-2021-0645 | 1 Google | 1 Android | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644 | |||||
| CVE-2021-27195 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2022-07-12 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic. | |||||
| CVE-2021-33335 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user. | |||||
| CVE-2020-9381 | 1 Totaljs | 1 Total.js Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | |||||
| CVE-2021-26027 | 1 Joomla | 1 Joomla\! | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. | |||||
| CVE-2021-39630 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292 | |||||
| CVE-2021-39119 | 1 Atlassian | 2 Data Center, Jira | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0. | |||||
| CVE-2021-39799 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-200288596 | |||||
| CVE-2021-28674 | 1 Solarwinds | 1 Orion Platform | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform. | |||||
| CVE-2020-12391 | 1 Mozilla | 1 Firefox | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. | |||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. | |||||
| CVE-2020-14121 | 1 Mi | 1 Mi App Store | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation. | |||||
| CVE-2021-0376 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-115619667 | |||||
| CVE-2021-46561 | 1 Mitre | 1 Cve Services | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | |||||
| CVE-2021-20429 | 1 Ibm | 1 Qradar User Behavior Analytics | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334. | |||||