Search
Total
2136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5301 | 1 Simplesamlphp | 1 Simplesamlphp | 2021-09-14 | 3.5 LOW | 3.1 LOW |
| SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6. | |||||
| CVE-2020-1987 | 1 Paloaltonetworks | 1 Globalprotect | 2021-09-14 | 2.1 LOW | 3.3 LOW |
| An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. | |||||
| CVE-2020-18974 | 1 Nasm | 1 Netwide Assembler | 2021-09-14 | 4.3 MEDIUM | 3.3 LOW |
| Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |||||
| CVE-2019-1573 | 1 Paloaltonetworks | 1 Globalprotect | 2021-09-14 | 1.9 LOW | 2.5 LOW |
| GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. | |||||
| CVE-2017-5928 | 1 W3 | 1 High Resolution Time Api | 2021-09-13 | 4.3 MEDIUM | 3.7 LOW |
| The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. | |||||
| CVE-2021-40089 | 1 Primekey | 1 Ejbca | 2021-09-09 | 1.9 LOW | 2.3 LOW |
| An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run. | |||||
| CVE-2021-34563 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2021-09-09 | 2.1 LOW | 3.3 LOW |
| In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | |||||
| CVE-2021-36074 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36071 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24512 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2021-09-09 | 2.1 LOW | 3.3 LOW |
| Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-21061 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21046 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24438 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24427 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9710 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9707 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9706 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-3972 | 2 Apple, Vmware | 2 Macos, Tools | 2021-09-08 | 2.1 LOW | 3.3 LOW |
| VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | |||||
| CVE-2017-5081 | 5 Apple, Debian, Google and 2 more | 6 Macos, Debian Linux, Android and 3 more | 2021-09-08 | 2.1 LOW | 3.3 LOW |
| Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. | |||||
| CVE-2021-36019 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36018 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35995 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-09-08 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40087 | 1 Primekey | 1 Ejbca | 2021-09-07 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST. | |||||
| CVE-2021-27913 | 1 Acquia | 1 Mautic | 2021-09-03 | 3.5 LOW | 3.5 LOW |
| The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. | |||||
| CVE-2021-35988 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-09-01 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35987 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-09-01 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 2.7 LOW |
| Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | |||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-28630 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-30 | 6.8 MEDIUM | 3.3 LOW |
| Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36007 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-08-30 | 6.8 MEDIUM | 3.3 LOW |
| Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36006 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2021-08-30 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) are affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36001 | 2 Adobe, Microsoft | 2 Character Animator, Windows | 2021-08-30 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Character Animator version 4.2 (and earlier) is affected by an out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28643 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-26 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2015-3189 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 4.3 MEDIUM | 3.7 LOW |
| With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | |||||
| CVE-2021-36014 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35992 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36010 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-36473 | 1 Ucweb | 1 Ucweb Uc | 2021-08-24 | 4.3 MEDIUM | 3.7 LOW |
| UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. | |||||
| CVE-2021-20761 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 2.7 LOW |
| Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege. | |||||
| CVE-2021-32068 | 1 Mitel | 1 Micollab | 2021-08-23 | 4.3 MEDIUM | 3.7 LOW |
| The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state. | |||||
| CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2021-08-23 | 2.1 LOW | 3.9 LOW |
| Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2021-08-23 | 2.1 LOW | 3.9 LOW |
| Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. | |||||
| CVE-2021-38365 | 1 Tonewinner | 2 Winner Desktop Speakers, Winner Desktop Speakers Firmware | 2021-08-20 | 4.3 MEDIUM | 3.7 LOW |
| Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | |||||
| CVE-2021-38372 | 1 Kde | 1 Trojita | 2021-08-20 | 4.3 MEDIUM | 3.7 LOW |
| In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. | |||||
| CVE-2021-38591 | 1 Google | 1 Android | 2021-08-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021). | |||||
| CVE-2021-3047 | 1 Paloaltonetworks | 1 Pan-os | 2021-08-19 | 3.5 LOW | 3.1 LOW |
| A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted. | |||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2021-08-19 | 3.5 LOW | 3.5 LOW |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2021-08-19 | 3.5 LOW | 3.5 LOW |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2020-18464 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | |||||