Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20466 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 9.8 Critical |
| White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | ||||
| CVE-2020-20471 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 8.8 High |
| White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | ||||
| CVE-2021-33881 | 1 Nxp | 16 Mifare Ultralight C, Mifare Ultralight C Firmware, Mifare Ultralight Ev1 and 13 more | 2021-06-17 | 4.2 Medium |
| On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. | ||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2021-06-17 | 6.5 Medium |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | ||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2021-06-16 | 7.8 High |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||||
| CVE-2021-3469 | 1 Theforeman | 1 Foreman | 2021-06-10 | 5.4 Medium |
| Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. | ||||
| CVE-2021-20229 | 3 Fedoraproject, Postgresql, Redhat | 4 Fedora, Postgresql, Enterprise Linux and 1 more | 2021-06-09 | 4.3 Medium |
| A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-1729 | 1 Redhat | 1 Smallrye Config | 2021-06-08 | 4.4 Medium |
| A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2 | ||||
| CVE-2021-29943 | 1 Apache | 1 Solr | 2021-06-08 | 9.1 Critical |
| When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. | ||||
| CVE-2021-29642 | 1 Gistpad Project | 1 Gistpad | 2021-06-04 | 5.3 Medium |
| GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. | ||||
| CVE-2020-26559 | 1 Bluetooth | 1 Mesh Profile | 2021-06-03 | 8.8 High |
| Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. | ||||
| CVE-2020-26560 | 1 Bluetooth | 1 Mesh Profile | 2021-06-03 | 8.1 High |
| Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. | ||||
| CVE-2021-31876 | 1 Bitcoin | 1 Bitcoin | 2021-05-26 | 6.5 Medium |
| Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction. | ||||
| CVE-2021-31158 | 1 Couchbase | 1 Couchbase Server | 2021-05-25 | 6.5 Medium |
| In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | ||||
| CVE-2021-23015 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-05-24 | 7.2 High |
| On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2021-3457 | 1 Theforeman | 1 Smart Proxy Shell Hooks | 2021-05-20 | 6.1 Medium |
| An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | ||||
| CVE-2021-24278 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 7.5 High |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. | ||||
| CVE-2021-24282 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 6.3 Medium |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7r_reset_settings to reset the plugin’s settings, wpcf7r_add_action to add actions to a form, and more. | ||||
| CVE-2021-24281 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 4.3 Medium |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site. | ||||
| CVE-2021-24279 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 6.5 Medium |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository. | ||||