Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20348 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597. | |||||
| CVE-2021-32458 | 1 Trendmicro | 1 Home Network Security | 2021-06-07 | 7.2 HIGH | 7.8 HIGH |
| Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. | |||||
| CVE-2021-20347 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596. | |||||
| CVE-2021-20346 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595. | |||||
| CVE-2021-20345 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594. | |||||
| CVE-2021-20343 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593. | |||||
| CVE-2021-20338 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449. | |||||
| CVE-2020-5030 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2021-06-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737. | |||||
| CVE-2020-14327 | 1 Redhat | 1 Ansible Tower | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. | |||||
| CVE-2020-14329 | 1 Redhat | 1 Ansible Tower | 2021-06-07 | 2.1 LOW | 3.3 LOW |
| A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-14328 | 1 Redhat | 1 Ansible Tower | 2021-06-07 | 2.1 LOW | 3.3 LOW |
| A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-36007 | 1 Appcms | 1 Appcms | 2021-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users. | |||||
| CVE-2019-4031 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-06-07 | 7.2 HIGH | 7.8 HIGH |
| IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997. | |||||
| CVE-2018-1386 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. | |||||
| CVE-2021-33839 | 1 Luca-app | 1 Luca | 2021-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting. | |||||
| CVE-2020-17514 | 1 Apache | 1 Fineract | 2021-06-07 | 5.8 MEDIUM | 7.4 HIGH |
| Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful. | |||||
| CVE-2009-0127 | 1 Heikkitoivonen | 1 M2crypto | 2021-06-07 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto." | |||||
| CVE-2020-5416 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2021-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. | |||||
| CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | |||||
| CVE-2021-32459 | 1 Trendmicro | 1 Home Network Security | 2021-06-07 | 5.5 MEDIUM | 6.5 MEDIUM |
| Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. | |||||
| CVE-2021-22743 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | |||||
| CVE-2021-22744 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747. | |||||
| CVE-2021-22742 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | |||||
| CVE-2021-22745 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747. | |||||
| CVE-2021-22746 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747. | |||||
| CVE-2021-22741 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2021-06-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. | |||||
| CVE-2021-22747 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746. | |||||
| CVE-2021-22411 | 1 Huawei | 10 Ngfw Module, Ngfw Module Firmware, Secospace Usg6300 and 7 more | 2021-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module.Affected product versions include: NGFW Module versions V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;USG9500 versions V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200. | |||||
| CVE-2013-4988 | 1 Icofx | 1 Icofx | 2021-06-07 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2021-31474 | 1 Solarwinds | 1 Network Performance Monitor | 2021-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213. | |||||
| CVE-2017-9629 | 1 Schneider-electric | 1 Wonderware Archestra Logger | 2021-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. | |||||
| CVE-2017-9627 | 1 Schneider-electric | 1 Wonderware Archestra Logger | 2021-06-07 | 5.0 MEDIUM | 8.6 HIGH |
| An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. | |||||
| CVE-2017-5522 | 2 Debian, Osgeo | 2 Debian Linux, Mapserver | 2021-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | |||||
| CVE-2013-7262 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. | |||||
| CVE-2009-0839 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action. | |||||
| CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2021-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||||
| CVE-2011-2975 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data. | |||||
| CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. | |||||
| CVE-2010-2539 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 2.1 LOW | N/A |
| Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. | |||||
| CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | |||||
| CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2021-06-07 | 2.1 LOW | 3.3 LOW |
| IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | |||||
| CVE-2020-22038 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. | |||||
| CVE-2020-22040 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | |||||
| CVE-2020-22039 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | |||||
| CVE-2020-22043 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | |||||
| CVE-2020-22051 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. | |||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | |||||
| CVE-2018-16496 | 1 Versa-networks | 1 Versa Director | 2021-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Versa Director, the un-authentication request found. | |||||
| CVE-2017-20002 | 1 Debian | 2 Debian Linux, Shadow | 2021-06-07 | 4.6 MEDIUM | 7.8 HIGH |
| The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | |||||
| CVE-2021-22360 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2021-06-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. | |||||