Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7679 | 1 Microfocus | 1 Solutions Business Manager | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
Micro Focus Solutions Business Manager versions prior to 11.4, when ASP.NET is configured with execute permission on the virtual directories, do not validate the contents of user avatar images, which could lead to remote code execution. | |||||
CVE-2008-5529 | 1 Microsoft | 1 Internet Explorer | 2021-04-09 | 9.3 HIGH | N/A |
CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2014-8361 | 2 D-link, Realtek | 11 Dir-600l, Dir-600l Firmware, Dir-605l and 8 more | 2021-04-09 | 10.0 HIGH | N/A |
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | |||||
CVE-2021-1748 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2021-04-08 | 6.8 MEDIUM | 8.8 HIGH |
A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. | |||||
CVE-2021-21533 | 1 Dell | 1 Wyse Management Suite | 2021-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users who would normally have access to the same subset of job details. | |||||
CVE-2012-1662 | 2 Broadcom, Microsoft | 2 Arcserve Backup, Windows | 2021-04-07 | 5.0 MEDIUM | N/A |
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. | |||||
CVE-2012-2972 | 1 Microsoft | 1 Windows | 2021-04-07 | 5.0 MEDIUM | N/A |
The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. | |||||
CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2021-04-07 | 5.1 MEDIUM | N/A |
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | |||||
CVE-2021-30004 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2021-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |||||
CVE-2010-2805 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2021-04-06 | 6.8 MEDIUM | N/A |
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
CVE-2017-6751 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2021-04-05 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. | |||||
CVE-2018-1110 | 1 Nic | 1 Knot Resolver | 2021-04-02 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. | |||||
CVE-2018-14009 | 1 Codiad | 1 Codiad | 2021-03-31 | 10.0 HIGH | 9.8 CRITICAL |
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | |||||
CVE-2016-10703 | 1 Ecstatic Project | 1 Ecstatic | 2021-03-30 | 7.8 HIGH | 7.5 HIGH |
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string. | |||||
CVE-2021-25354 | 1 Samsung | 1 Internet | 2021-03-30 | 6.8 MEDIUM | 5.3 MEDIUM |
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch a non-exported activity in Samsung Browser via a malicious deeplink. | |||||
CVE-2021-1431 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2021-1220 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 3.5 LOW | 4.3 MEDIUM |
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. | |||||
CVE-2020-7839 | 1 Markany | 1 Maepsbroker | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
MaEPSBroker 2.5.0.31 and prior contain a command injection vulnerability caused by improper input validation when parsing the brokerCommand parameter. | |||||
CVE-2021-21357 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 6.5 MEDIUM | 8.3 HIGH |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary MIME types for file uploads; however, the default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||
CVE-2020-10648 | 2 Denx, Opensuse | 2 U-boot, Leap | 2021-03-26 | 6.8 MEDIUM | 7.8 HIGH |
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | |||||