Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11038 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2021-09-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | |||||
| CVE-2019-18808 | 3 Fedoraproject, Linux, Opensuse | 3 Fedora, Linux Kernel, Leap | 2021-09-14 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. | |||||
| CVE-2021-28567 | 1 Magento | 1 Magento | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2021-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | |||||
| CVE-2021-28675 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2021-09-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. | |||||
| CVE-2021-31806 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | |||||
| CVE-2021-26580 | 1 Hpe | 1 Integrated Lights-out Amplifier | 2021-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later. | |||||
| CVE-2021-28569 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-09-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9743 | 1 Adobe | 1 Experience Manager | 2021-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing). | |||||
| CVE-2021-32766 | 1 Nextcloud | 1 Nextcloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. | |||||
| CVE-2020-10290 | 1 Sintef | 1 Urx | 2021-09-14 | 7.2 HIGH | 6.8 MEDIUM |
| Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system | |||||
| CVE-2020-10277 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2021-09-14 | 4.6 MEDIUM | 6.4 MEDIUM |
| There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. | |||||
| CVE-2021-39194 | 1 Kaml Project | 1 Kaml | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Version 0.35.3 or later contain the fix for this issue. | |||||
| CVE-2021-21417 | 2 Debian, Fluidsynth | 2 Debian Linux, Fluidsynth | 2021-09-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. | |||||
| CVE-2021-22194 | 1 Gitlab | 1 Gitlab | 2021-09-14 | 2.1 LOW | 4.4 MEDIUM |
| In all versions of GitLab, marshalled session keys were being stored in Redis. | |||||
| CVE-2021-32801 | 1 Nextcloud | 1 Nextcloud | 2021-09-14 | 2.1 LOW | 5.5 MEDIUM |
| Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. | |||||
| CVE-2021-37631 | 1 Nextcloud | 1 Deck | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. | |||||
| CVE-2021-37630 | 1 Nextcloud | 1 Circles | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue. | |||||
| CVE-2021-39195 | 1 Misskey | 1 Misskey | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. | |||||
| CVE-2021-37629 | 1 Nextcloud | 1 Richdocuments | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. | |||||
| CVE-2021-39199 | 1 Remark | 1 Remark-html | 2021-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update. | |||||
| CVE-2020-24701 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). | |||||
| CVE-2021-35949 | 1 Owncloud | 1 Owncloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | |||||
| CVE-2020-24700 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-09-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. | |||||
| CVE-2021-35947 | 1 Owncloud | 1 Owncloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | |||||
| CVE-2021-34147 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2021-09-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. | |||||
| CVE-2021-34145 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2021-09-14 | 2.9 LOW | 5.3 MEDIUM |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | |||||
| CVE-2021-34148 | 1 Cypress | 2 Cyw20735b1, Wireless Internet Connectivity For Embedded Devices | 2021-09-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | |||||
| CVE-2021-34146 | 1 Cypress | 4 Cyw20735b1, Cyw20735b1 Firmware, Cyw920735q60evb-01 and 1 more | 2021-09-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | |||||
| CVE-2020-19201 | 1 Netgate | 1 Pfsense | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. | |||||
| CVE-2021-32559 | 1 Pywin32 Project | 1 Pywin32 | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process. | |||||
| CVE-2020-29012 | 1 Fortinet | 1 Fortisandbox | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | |||||
| CVE-2021-0051 | 1 Intel | 16 Atom P5921b, Atom P5931b, Atom P5942b and 13 more | 2021-09-14 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-31807 | 3 Fedoraproject, Netapp, Squid-cache | 3 Fedora, Cloud Manager, Squid | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | |||||
| CVE-2021-39122 | 1 Atlassian | 2 Data Center, Jira | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | |||||
| CVE-2021-28807 | 1 Qnap | 4 Q\'center, Qts, Quts Hero and 1 more | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later | |||||
| CVE-2021-28678 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2021-09-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. | |||||
| CVE-2021-38323 | 1 30lines | 1 Rentpress | 2021-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | |||||
| CVE-2020-10618 | 1 Lcds | 1 Laquis Scada | 2021-09-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | |||||
| CVE-2021-39121 | 1 Atlassian | 2 Data Center, Jira | 2021-09-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | |||||
| CVE-2021-40377 | 1 Smartertools | 1 Smartermail | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. | |||||
| CVE-2020-11009 | 1 Pagerduty | 1 Rundeck | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6 | |||||
| CVE-2020-1774 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2021-09-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. | |||||
| CVE-2021-34143 | 1 Zh-jieli | 15 Ac6936, Ac6951, Ac6952 and 12 more | 2021-09-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device. | |||||
| CVE-2020-11420 | 2 Abb, Generex | 4 Cs141, Cs141 Firmware, Cs141 and 1 more | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only. | |||||
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2021-09-14 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | |||||
| CVE-2020-1730 | 4 Fedoraproject, Libssh, Oracle and 1 more | 4 Fedora, Libssh, Mysql Workbench and 1 more | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. | |||||
| CVE-2020-1625 | 1 Juniper | 1 Junos | 2021-09-14 | 3.3 LOW | 6.5 MEDIUM |
| The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of "temp" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual-memory' command as shown below: user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1. | |||||
| CVE-2020-10598 | 1 Bd | 4 Pyxis Anesthesia Station Es, Pyxis Anesthesia Station Es Firmware, Pyxis Medstation Es and 1 more | 2021-09-14 | 3.6 LOW | 6.1 MEDIUM |
| In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data. | |||||