Total: 21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7387 | 1 Sage | 3 Adxadmin, X3, X3 Hr \& Payroll | 2021-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor. | |||||
| CVE-2020-3465 | 1 Cisco | 19 1100-4p, 1100-8p, 1100 Terminal Services Gateways and 16 more | 2021-08-06 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-3444 | 1 Cisco | 1 Ios Xe | 2021-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. | |||||
| CVE-2020-3441 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2021-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. | |||||
| CVE-2020-3362 | 1 Cisco | 1 Network Services Orchestrator | 2021-08-06 | 1.9 LOW | 4.7 MEDIUM |
| A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only. | |||||
| CVE-2021-30110 | 1 Greyware | 1 Domain Time Ii | 2021-08-06 | 5.1 MEDIUM | 7.5 HIGH |
| dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates. | |||||
| CVE-2017-4960 | 2 Cloudfoundry, Pivotal Software | 3 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Uaa | 2021-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. | |||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2021-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data. | |||||
| CVE-2021-21443 | 1 Otrs | 1 Otrs | 2021-08-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. | |||||
| CVE-2021-21440 | 1 Otrs | 1 Otrs | 2021-08-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | |||||
| CVE-2019-20467 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2021-08-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. | |||||
| CVE-2016-4020 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2021-08-04 | 2.1 LOW | 6.5 MEDIUM |
| The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). | |||||
| CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||||
| CVE-2019-10876 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2021-08-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. | |||||
| CVE-2017-10906 | 2 Fluentd, Redhat | 2 Fluentd, Openstack | 2021-08-04 | 10.0 HIGH | 9.8 CRITICAL |
| Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2021-22001 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| In UAA versions prior to 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type "oauth 1.0" was sent to the UAA server. | |||||
| CVE-2020-17952 | 1 Twothink Project | 1 Twothink | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code. | |||||
| CVE-2021-34261 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. | |||||
| CVE-2021-34267 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. | |||||
| CVE-2021-34268 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | |||||
| CVE-2020-13933 | 1 Apache | 1 Shiro | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass. | |||||
| CVE-2019-1547 | 1 Openssl | 1 Openssl | 2021-07-31 | 1.9 LOW | 4.7 MEDIUM |
| Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | |||||
| CVE-2020-19492 | 1 Sam2p Project | 1 Sam2p | 2021-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
| CVE-2020-19498 | 1 Struktur | 1 Libheif | 2021-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts. | |||||
| CVE-2018-6448 | 1 Broadcom | 1 Fabric Operating System | 2021-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | |||||
| CVE-2016-1227 | 2 Ntt-east, Ntt-west | 12 Pr-400mi, Pr-400mi Firmware, Rt-400mi and 9 more | 2021-07-30 | 6.5 MEDIUM | 7.2 HIGH |
| NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-35482 | 1 Barco | 1 Mirrorop Windows Sender | 2021-07-30 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system. | |||||
| CVE-2020-36327 | 1 Bundler | 1 Bundler | 2021-07-30 | 9.3 HIGH | 8.8 HIGH |
| Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | |||||
| CVE-2021-3614 | 1 Lenovo | 42 100e 2nd Gen, 100e 2nd Gen Firmware, 300e 2nd Gen and 39 more | 2021-07-30 | 4.4 MEDIUM | 6.8 MEDIUM |
| A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. | |||||
| CVE-2021-3453 | 1 Lenovo | 42 730s-13iml, 730s-13iml Firmware, Ideacentre Aio 5-24imb05 and 39 more | 2021-07-30 | 2.1 LOW | 4.6 MEDIUM |
| Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | |||||
| CVE-2021-23409 | 1 Go-proxyproto Project | 1 Go-proxyproto | 2021-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/pires/go-proxyproto before 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. | |||||
| CVE-2021-37155 | 1 Wolfssl | 1 Wolfssl | 2021-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | |||||
| CVE-2021-34618 | 1 Aruba | 1 Aruba Instant | 2021-07-29 | 3.3 LOW | 6.5 MEDIUM |
| A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-36213 | 1 Hashicorp | 1 Consul | 2021-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| In HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0, a default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open and allow L4 traffic. Fixed in 1.9.8 and 1.10.1. | |||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2021-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | |||||
| CVE-2021-26081 | 1 Atlassian | 2 Data Center, Jira | 2021-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. | |||||
| CVE-2009-0994 | 1 Oracle | 1 Application Server | 2021-07-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017. | |||||
| CVE-2008-1824 | 1 Oracle | 1 Application Server | 2021-07-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02. | |||||
| CVE-2008-1814 | 1 Oracle | 3 Application Server, Collaboration Suite, Database | 2021-07-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04. | |||||
| CVE-2009-0989 | 1 Oracle | 1 Application Server | 2021-07-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0990. | |||||
| CVE-2009-0990 | 1 Oracle | 1 Application Server | 2021-07-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989. | |||||
| CVE-2009-0996 | 1 Oracle | 1 Application Server | 2021-07-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2009-1017 | 1 Oracle | 1 Application Server | 2021-07-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994. | |||||
| CVE-2008-7235 | 1 Oracle | 2 Application Server, E-business Suite | 2021-07-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. | |||||
| CVE-2008-7234 | 1 Oracle | 1 Application Server | 2021-07-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, aka AS03. | |||||
| CVE-2008-7236 | 1 Oracle | 1 Application Server | 2021-07-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05. | |||||
| CVE-2008-7237 | 1 Oracle | 1 Application Server | 2021-07-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06. | |||||
| CVE-2021-36797 | 1 Victronenergy | 1 Venus Os | 2021-07-28 | 7.2 HIGH | 6.8 MEDIUM |
| ** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged "security best practices" violation. | |||||
| CVE-2021-34691 | 2 Idrive, Linux | 2 Remotepc, Linux Kernel | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | |||||
| CVE-2008-7220 | 2 Debian, Prototypejs | 2 Debian Linux, Prototype | 2021-07-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. | |||||
