Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5180 | 3 Apple, Microsoft, Sparklabs | 3 Macos, Windows, Viscosity | 2021-09-08 | 4.6 MEDIUM | 7.8 HIGH |
| Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.) | |||||
| CVE-2020-3974 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. | |||||
| CVE-2020-16022 | 4 Apple, Google, Linux and 1 more | 7 Macos, Android, Chrome and 4 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page. | |||||
| CVE-2019-7097 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack. | |||||
| CVE-2018-0701 | 3 Apple, Bluestacks, Microsoft | 3 Macos, Bluestacks, Windows | 2021-09-08 | 5.8 MEDIUM | 8.8 HIGH |
| BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. | |||||
| CVE-2019-7041 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2017-5078 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. | |||||
| CVE-2017-9977 | 2 Apple, Avg | 2 Macos, Anti-virus | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | |||||
| CVE-2021-40387 | 1 Kaseya | 1 Unitrends Backup Software | 2021-09-07 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. | |||||
| CVE-2021-29801 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | |||||
| CVE-2017-16875 | 1 Teluu | 1 Pjsip | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations. | |||||
| CVE-2021-39271 | 1 Bscw | 1 Bscw Classic | 2021-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. | |||||
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
| CVE-2021-23424 | 1 Ansi-html Project | 1 Ansi-html | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. | |||||
| CVE-2021-37707 | 1 Shopware | 1 Shopware | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | |||||
| CVE-2021-38589 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 5.5 MEDIUM | 8.1 HIGH |
| In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | |||||
| CVE-2021-38531 | 1 Netgear | 24 Ac2100, Ac2100 Firmware, Ac2400 and 21 more | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before 1.2.0.76. | |||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2021-08-19 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | |||||
| CVE-2021-38532 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. | |||||
| CVE-2021-38515 | 1 Netgear | 8 R6400, R6400 Firmware, R6700 and 5 more | 2021-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46. | |||||
| CVE-2021-22902 | 1 Rubyonrails | 1 Rails | 2021-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. | |||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | |||||
| CVE-2020-8248 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2021-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | |||||
| CVE-2020-8241 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2021-08-17 | 5.1 MEDIUM | 7.5 HIGH |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | |||||
| CVE-2020-8250 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2021-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | |||||
| CVE-2021-34432 | 1 Eclipse | 1 Mosquitto | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. | |||||
| CVE-2018-1262 | 2 Cloudfoundry, Pivotal Software | 3 Cf-deployment, Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2021-08-17 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation. | |||||
| CVE-2021-38565 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm. | |||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. | |||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | |||||
| CVE-2021-26586 | 1 Hp | 1 Edgeline Infrastructure Management | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM). | |||||
| CVE-2018-1256 | 1 Vmware | 1 Spring Cloud Sso Connector | 2021-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan. | |||||
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | |||||
| CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | |||||
| CVE-2018-0764 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | |||||
| CVE-2018-0875 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". | |||||
| CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2021-08-12 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | |||||
| CVE-2021-1610 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2021-08-12 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 4.0 MEDIUM | 7.7 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. | |||||
| CVE-2021-38095 | 1 Planview | 1 Spigit | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request. | |||||
| CVE-2020-13962 | 4 Fedoraproject, Mumble, Opensuse and 1 more | 4 Fedora, Mumble, Leap and 1 more | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | |||||
| CVE-2021-22416 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2021-29696 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 9.0 HIGH | 7.2 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||||
| CVE-2021-37840 | 1 Aapanel | 1 Aapanel | 2021-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). | |||||
| CVE-2021-33198 | 1 Golang | 1 Go | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |||||
| CVE-2017-8048 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Capi-release | 2021-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
| CVE-2020-3444 | 1 Cisco | 1 Ios Xe | 2021-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. | |||||
| CVE-2021-30110 | 1 Greyware | 1 Domain Time Ii | 2021-08-06 | 5.1 MEDIUM | 7.5 HIGH |
| dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates. | |||||
| CVE-2017-4960 | 2 Cloudfoundry, Pivotal Software | 3 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Uaa | 2021-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. | |||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2021-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data. | |||||