Search Results (Refine Search)

Search Parameters:
There are 158,080 matching records.
Displaying matches 1,221 through 1,240.
Vuln ID Summary CVSS Severity
CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

Published: July 14, 2021; 11:15:08 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2021-22778

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

Published: July 14, 2021; 11:15:08 AM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-27379

Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password. The new password will be sent to a modified email ID.

Published: July 14, 2021; 11:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.

Published: July 14, 2021; 11:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-25444

Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.

Published: July 14, 2021; 11:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-35527

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-33212

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-33211

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-24117

In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-0654

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-0604

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-0603

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-0602

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-0601

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-0600

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-0599

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-0597

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-0596

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-0594

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224

Published: July 14, 2021; 10:15:08 AM -0400
V3.1: 8.0 HIGH
V2.0: 7.9 HIGH