Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3092 | 4 Apache, Canonical, Debian and 1 more | 6 Commons Fileupload, Tomcat, Ubuntu Linux and 3 more | 2021-07-17 | 7.8 HIGH | 7.5 HIGH |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | |||||
CVE-2013-2143 | 2 Redhat, Theforeman | 2 Network Satellite, Katello | 2021-07-16 | 6.5 MEDIUM | N/A |
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | |||||
CVE-2013-4255 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 3.5 LOW | N/A |
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
CVE-2012-1090 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||||
CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.8 MEDIUM | N/A |
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2009-5136 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
Cumin: at installation, the PostgreSQL database user is created without a password. | |||||
CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 5.0 MEDIUM | N/A |
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | |||||
CVE-2021-0600 | 1 Google | 1 Android | 2021-07-15 | 6.9 MEDIUM | 7.8 HIGH |
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-179042963 | |||||
CVE-2021-25428 | 1 Google | 1 Android | 2021-07-14 | 4.6 MEDIUM | 7.8 HIGH |
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | |||||
CVE-2021-25434 | 1 Linux | 1 Tizen | 2021-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. | |||||
CVE-2021-25435 | 1 Linux | 1 Tizen | 2021-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. | |||||
CVE-2021-25436 | 1 Linux | 1 Tizen | 2021-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. | |||||
CVE-2016-7431 | 1 Ntp | 1 Ntp | 2021-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | |||||
CVE-2021-25441 | 2 Google, Samsung | 2 Android, Ar Emoji Editor | 2021-07-12 | 4.6 MEDIUM | 7.8 HIGH |
Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. | |||||
CVE-2009-1773 | 1 Activecollab | 1 Activecollab | 2021-07-12 | 5.0 MEDIUM | N/A |
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message. | |||||
CVE-2020-25868 | 1 Pexip | 1 Pexip Infinity | 2021-07-10 | 5.0 MEDIUM | 7.5 HIGH |
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). | |||||
CVE-2021-26036 | 1 Joomla | 1 Joomla! | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | |||||
CVE-2021-31925 | 1 Pexip | 1 Pexip Infinity | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. | |||||
CVE-2021-27196 | 1 Abb | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. |