Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36472 | 1 Max7301 Project | 1 Max7301 | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. | |||||
| CVE-2020-36471 | 1 Generator Project | 1 Generator | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. | |||||
| CVE-2020-36470 | 1 Disrustor Project | 1 Disrustor | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references. | |||||
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | |||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | |||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. | |||||
| CVE-2021-38194 | 1 Arcworks | 1 Ark-r1cs-std | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified. | |||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | |||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. | |||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | |||||
| CVE-2021-26586 | 1 Hp | 1 Edgeline Infrastructure Management | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM). | |||||
| CVE-2021-22920 | 1 Citrix | 2 Application Delivery Management, Gateway | 2021-08-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session. | |||||
| CVE-2021-29978 | 1 Mozilla | 1 Mozilla Vpn | 2021-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3. | |||||
| CVE-2017-5947 | 1 Oneplus | 7 Oneplus 2, Oneplus 3, Oneplus 3t and 4 more | 2021-08-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader. | |||||
| CVE-2017-4942 | 1 Vmware | 1 Airwatch Console | 2021-08-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. | |||||
| CVE-2018-1256 | 1 Vmware | 1 Spring Cloud Sso Connector | 2021-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan. | |||||
| CVE-2021-38573 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. | |||||
| CVE-2021-33794 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | |||||
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | |||||
| CVE-2021-38572 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. | |||||
| CVE-2021-37549 | 1 Jetbrains | 1 Youtrack | 2021-08-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. | |||||
| CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | |||||
| CVE-2021-37547 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. | |||||
| CVE-2021-33597 | 3 Apple, F-secure, Microsoft | 6 Macos, Business Suite, Client Security and 3 more | 2021-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | |||||
| CVE-2019-11580 | 1 Atlassian | 1 Crowd | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability. | |||||
| CVE-2018-0875 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". | |||||
| CVE-2018-0764 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | |||||
| CVE-2021-25444 | 1 Google | 1 Android | 2021-08-12 | 2.1 LOW | 5.5 MEDIUM |
| An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. | |||||
| CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2021-08-12 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | |||||
| CVE-2021-1610 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2021-08-12 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 4.0 MEDIUM | 7.7 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. | |||||
| CVE-2021-1609 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-38095 | 1 Planview | 1 Spigit | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request. | |||||
| CVE-2021-32787 | 1 Sourcegraph | 1 Sourcegraph | 2021-08-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading. | |||||
| CVE-2020-13962 | 4 Fedoraproject, Mumble, Opensuse and 1 more | 4 Fedora, Mumble, Leap and 1 more | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | |||||
| CVE-2021-36701 | 1 Htmly | 1 Htmly | 2021-08-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host. | |||||
| CVE-2021-22417 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. | |||||
| CVE-2021-22416 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2021-08-11 | 7.2 HIGH | 6.8 MEDIUM |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | |||||
| CVE-2020-24827 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2021-29696 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 9.0 HIGH | 7.2 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||||
| CVE-2021-29697 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | |||||
| CVE-2021-37840 | 1 Aapanel | 1 Aapanel | 2021-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). | |||||
| CVE-2021-33198 | 1 Golang | 1 Go | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |||||
| CVE-2021-20332 | 1 Mongodb | 1 Rust Driver | 2021-08-10 | 2.1 LOW | 4.4 MEDIUM |
| Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. | |||||
| CVE-2020-24513 | 2 Debian, Intel | 65 Debian Linux, Atom C3308, Atom C3336 and 62 more | 2021-08-10 | 2.1 LOW | 6.5 MEDIUM |
| Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2017-8048 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Capi-release | 2021-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
| CVE-2021-33617 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2021-08-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | |||||
| CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2021-08-09 | 1.9 LOW | 4.2 MEDIUM |
| Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | |||||
| CVE-2021-20505 | 1 Ibm | 1 Powervm Hypervisor | 2021-08-09 | 3.5 LOW | 4.4 MEDIUM |
| The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232 | |||||