Total
3032 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-21298 | 1 Oracle | 1 Solaris | 2023-12-10 | 3.3 LOW | 3.9 LOW |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
CVE-2022-21324 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2023-12-10 | 2.9 LOW | 2.9 LOW |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L). | |||||
CVE-2021-41534 | 1 Siemens | 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703). | |||||
CVE-2021-25527 | 1 Samsung | 1 Pay | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | |||||
CVE-2021-40537 | 1 Owncloud | 1 User Ldap | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. | |||||
CVE-2021-44840 | 1 Deltarm | 1 Delta Rm | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user. | |||||
CVE-2021-22457 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. | |||||
CVE-2021-42070 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | |||||
CVE-2021-30816 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | |||||
CVE-2021-1863 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. | |||||
CVE-2021-28376 | 1 Chronoengine | 1 Chronoforums | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | |||||
CVE-2021-35576 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | |||||
CVE-2021-36181 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 3.5 LOW | 3.1 LOW |
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | |||||
CVE-2021-25515 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | |||||
CVE-2021-43264 | 1 Mahara | 1 Mahara | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character. | |||||
CVE-2021-22453 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | |||||
CVE-2022-21247 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2021-41861 | 1 Telegram | 1 Telegram | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | |||||
CVE-2021-1031 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 |