Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31447 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13269. | |||||
| CVE-2021-31453 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13092. | |||||
| CVE-2021-31452 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13091. | |||||
| CVE-2021-31450 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13084. | |||||
| CVE-2021-31451 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13089. | |||||
| CVE-2021-31454 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Decimal element. A crafted leadDigits value in a Decimal element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-13095. | |||||
| CVE-2021-31455 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13100. | |||||
| CVE-2021-31456 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13102. | |||||
| CVE-2021-31457 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147. | |||||
| CVE-2021-31458 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13150. | |||||
| CVE-2021-31459 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162. | |||||
| CVE-2021-31460 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13096. | |||||
| CVE-2021-31434 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377. | |||||
| CVE-2021-31433 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333. | |||||
| CVE-2021-31435 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331. | |||||
| CVE-2021-31437 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384. | |||||
| CVE-2021-31436 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376. | |||||
| CVE-2021-31438 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443. | |||||
| CVE-2021-20550 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-05-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. | |||||
| CVE-2021-20549 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-05-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167. | |||||
| CVE-2021-20448 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-05-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624. | |||||
| CVE-2020-15706 | 6 Canonical, Debian, Gnu and 3 more | 13 Ubuntu Linux, Debian Linux, Grub2 and 10 more | 2021-05-01 | 4.4 MEDIUM | 6.4 MEDIUM |
| GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. | |||||
| CVE-2021-20515 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Informix Dynamic Server and 3 more | 2021-04-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | |||||
| CVE-2021-20532 | 2 Ibm, Microsoft | 3 Spectrum Protect Backup-archive Client, Spectrum Protect For Virtual Environments, Windows | 2021-04-30 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. | |||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2021-04-30 | 2.1 LOW | 6.2 MEDIUM |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2021-04-29 | 5.0 MEDIUM | 8.6 HIGH |
| There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage. | |||||
| CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2021-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution. | |||||
| CVE-2020-7851 | 4 Apple, Innorix, Linux and 1 more | 4 Macos, File Transfer Solution, Linux Kernel and 1 more | 2021-04-23 | 6.8 MEDIUM | 7.8 HIGH |
| Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2021-21384 | 3 Microsoft, Opengroup, Shescape Project | 3 Windows, Unix, Shescape | 2021-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required. | |||||
| CVE-2021-26582 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more | 2021-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). | |||||
| CVE-2018-1457 | 3 Ibm, Linux, Microsoft | 3 Rational Doors, Linux Kernel, Windows | 2021-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. | |||||
| CVE-2021-28826 | 2 Microsoft, Tibco | 2 Windows, Messaging - Eclipse Mosquitto Distribution - Bridge | 2021-04-22 | 7.2 HIGH | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below. | |||||
| CVE-2021-28825 | 2 Microsoft, Tibco | 2 Windows, Messaging - Eclipse Mosquitto Distribution - Core | 2021-04-22 | 7.2 HIGH | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below. | |||||
| CVE-2021-21091 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-04-20 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21092 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21093 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21095 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21094 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2021-04-20 | 6.2 MEDIUM | 7.0 HIGH |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | |||||
| CVE-2021-3146 | 2 Dolby, Microsoft | 5 Audio X2, Exchange Server, Visual C\+\+ and 2 more | 2021-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. | |||||
| CVE-2021-20334 | 2 Microsoft, Mongodb | 2 Windows, Compass | 2021-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. | |||||
| CVE-2009-3588 | 4 Broadcom, Ca, Linux and 1 more | 35 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 32 more | 2021-04-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. | |||||
| CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | |||||
| CVE-2020-4976 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2021-04-12 | 3.6 LOW | 4.4 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469. | |||||
| CVE-2020-5025 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2021-04-12 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. | |||||
| CVE-2020-5024 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. | |||||
| CVE-1999-1322 | 2 Broadcom, Microsoft | 3 Arcserve Backup, Inoculan, Exchange Server | 2021-04-09 | 4.6 MEDIUM | N/A |
| The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. | |||||
| CVE-2008-5529 | 1 Microsoft | 1 Internet Explorer | 2021-04-09 | 9.3 HIGH | N/A |
| CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2012-1662 | 2 Broadcom, Microsoft | 2 Arcserve Backup, Windows | 2021-04-07 | 5.0 MEDIUM | N/A |
| CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. | |||||