Total
1780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-41093 | 1 Wire | 1 Wire | 2024-08-04 | 7.4 High |
Wire is an open source secure messenger. In affected versions, if an attacker gets an old but valid access token, they can take over an account by changing the email. This issue has been resolved in version 3.86, which uses a new endpoint that additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together. | ||||
CVE-2021-41082 | 1 Discourse | 1 Discourse | 2024-08-04 | 7.5 High |
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. | ||||
CVE-2021-40692 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.3 Medium |
Insufficient capability checks made it possible for teachers to download users outside of their courses. | ||||
CVE-2021-40654 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-08-04 | 6.5 Medium |
An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page. | ||||
CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2024-08-04 | 7.5 High |
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | ||||
CVE-2021-40504 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-04 | 4.9 Medium |
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | ||||
CVE-2021-40456 | 1 Microsoft | 5 Windows Server, Windows Server 2004, Windows Server 2019 and 2 more | 2024-08-04 | 5.3 Medium |
Windows AD FS Security Feature Bypass Vulnerability | ||||
CVE-2021-39943 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call | ||||
CVE-2021-39936 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 3.5 Low |
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. | ||||
CVE-2021-39918 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 3.1 Low |
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. | ||||
CVE-2021-39930 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates | ||||
CVE-2021-39945 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 2.7 Low |
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked | ||||
CVE-2021-39902 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. | ||||
CVE-2021-39904 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | ||||
CVE-2021-39876 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | ||||
CVE-2021-39790 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405146 | ||||
CVE-2021-39799 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-200288596 | ||||
CVE-2021-39802 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213339151. References: Upstream kernel | ||||
CVE-2021-39789 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-203880906 | ||||
CVE-2021-39630 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202768292 |