Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42749 | 1 Fastlinemedia | 1 Beaver Themer | 2024-08-04 | 5.3 Medium |
| In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. | ||||
| CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2024-08-04 | 7.5 High |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | ||||
| CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2024-08-04 | 9.1 Critical |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | ||||
| CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2024-08-04 | 7.8 High |
| AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | ||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-08-04 | 7.8 High |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2024-08-04 | 7.8 High |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2024-08-04 | 7.8 High |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2021-41140 | 1 Discourse | 1 Discourse Reactions | 2024-08-04 | 5.3 Medium |
| Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel. | ||||
| CVE-2021-41088 | 1 Elv | 1 Elvish | 2024-08-04 | 8 High |
| Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version). | ||||
| CVE-2021-41094 | 1 Wire | 1 Wire | 2024-08-04 | 4.2 Medium |
| Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70 | ||||
| CVE-2021-41065 | 1 Bopsoft | 1 Listary | 2024-08-04 | 7.3 High |
| An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | ||||
| CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2024-08-04 | 7.5 High |
| Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | ||||
| CVE-2021-40496 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-08-04 | 4.3 Medium |
| SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. | ||||
| CVE-2021-40497 | 1 Sap | 1 Businessobjects Analysis | 2024-08-04 | 5.3 Medium |
| SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. | ||||
| CVE-2021-39971 | 1 Huawei | 1 Harmonyos | 2024-08-04 | 7.5 High |
| Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. | ||||
| CVE-2021-39915 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
| Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | ||||
| CVE-2021-39777 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
| In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 | ||||
| CVE-2021-39715 | 1 Google | 1 Android | 2024-08-04 | 4.4 Medium |
| In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel | ||||
| CVE-2021-39628 | 1 Google | 1 Android | 2024-08-04 | 3.3 Low |
| In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 | ||||
| CVE-2021-39184 | 1 Electronjs | 1 Electron | 2024-08-04 | 6.8 Medium |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it. | ||||