Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7539 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. | |||||
| CVE-2017-2673 | 1 Redhat | 1 Openstack | 2021-08-04 | 6.5 MEDIUM | 7.2 HIGH |
| An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. | |||||
| CVE-2017-7466 | 1 Redhat | 2 Ansible, Openstack | 2021-08-04 | 8.5 HIGH | 8.0 HIGH |
| Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | |||||
| CVE-2018-11806 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2021-08-04 | 7.2 HIGH | 8.2 HIGH |
| m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2021-08-04 | 6.0 MEDIUM | 7.5 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2018-1000115 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. | |||||
| CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||||
| CVE-2016-4985 | 2 Canonical, Redhat | 2 Openstack Ironic, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. | |||||
| CVE-2016-5126 | 5 Canonical, Debian, Oracle and 2 more | 13 Ubuntu Linux, Debian Linux, Linux and 10 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | |||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more | 2021-08-04 | 7.2 HIGH | 8.8 HIGH |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |||||
| CVE-2021-3663 | 1 Firefly-iii | 1 Firefly Iii | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | |||||
| CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2021-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | |||||
| CVE-2019-3895 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2021-08-04 | 6.8 MEDIUM | 8.0 HIGH |
| An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. | |||||
| CVE-2018-17205 | 3 Canonical, Openvswitch, Redhat | 3 Ubuntu Linux, Openvswitch, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. | |||||
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | |||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more | 2021-08-04 | 6.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | |||||
| CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2021-08-04 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | |||||
| CVE-2018-10903 | 3 Canonical, Cryptography, Redhat | 3 Ubuntu Linux, Python-cryptography, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. | |||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||||
| CVE-2021-22001 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server. | |||||
| CVE-2020-13881 | 2 Debian, Pam Tacplus Project | 2 Debian Linux, Pam Tacplus | 2021-08-04 | 4.3 MEDIUM | 7.5 HIGH |
| In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | |||||
| CVE-2021-3540 | 1 Ivanti | 1 Mobileiron | 2021-08-04 | 9.0 HIGH | 7.2 HIGH |
| By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
| CVE-2020-18173 | 1 1password | 1 1password | 2021-08-04 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | |||||
| CVE-2021-25804 | 1 Videolan | 1 Vlc Media Player | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. | |||||
| CVE-2021-34802 | 1 Neo4j | 1 Graph Databse | 2021-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. | |||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||||
| CVE-2020-18428 | 1 Tinyexr Project | 1 Tinyexr | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | |||||
| CVE-2015-2098 | 1 Webgateinc | 1 Edvr Manager | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. | |||||
| CVE-2015-2099 | 1 Webgateinc | 1 Control Center | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control. | |||||
| CVE-2020-18430 | 1 Tinyexr Project | 1 Tinyexr | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). | |||||
| CVE-2021-25318 | 1 Rancher | 1 Rancher | 2021-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. | |||||
| CVE-2020-12731 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | |||||
| CVE-2021-1618 | 1 Cisco | 1 Intersight Virtual Appliance | 2021-08-03 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2015-2100 | 1 Webgate | 2 Control Center, Edvr Manager | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control. | |||||
| CVE-2021-1518 | 1 Cisco | 1 Firepower Device Manager On-box | 2021-08-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials. | |||||
| CVE-2021-3344 | 1 Redhat | 2 Openshift Builder, Openshift Container Platform | 2021-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | |||||
| CVE-2019-12761 | 1 Python | 1 Pyxdg | 2021-08-03 | 5.1 MEDIUM | 7.5 HIGH |
| A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call. | |||||
| CVE-2020-13933 | 1 Apache | 1 Shiro | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | |||||
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2021-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2021-08-02 | 9.0 HIGH | 7.2 HIGH |
| By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
| CVE-2020-23283 | 1 Mv | 1 Mconnect | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | |||||
| CVE-2021-28053 | 1 Centreon | 1 Centreon | 2021-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | |||||
| CVE-2021-35962 | 1 Secom | 2 Door Access Control, Personnel Attendance System | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. | |||||
| CVE-2019-8460 | 1 Openbsd | 1 Openbsd | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. | |||||
| CVE-2020-5315 | 1 Dell | 1 Emc Repository Manager | 2021-08-02 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. | |||||
| CVE-2021-32463 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2021-08-02 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-5316 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2021-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. | |||||
| CVE-2021-20596 | 1 Mitsubishielectric | 3 Fx3u-enet-l Firmware, Fx3u-enet-p502 Firmware, Fx3u-enet Firmware | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery. | |||||