Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3755 | 1 Apple | 2 Iphone, Iphone Os | 2022-08-09 | 4.3 MEDIUM | N/A |
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | |||||
CVE-2007-4671 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2022-08-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | |||||
CVE-2008-1589 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2022-08-09 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | |||||
CVE-2008-1588 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2022-08-09 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. | |||||
CVE-2021-4117 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-09 | 4.0 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Business Logic Errors | |||||
CVE-2021-4111 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-09 | 4.0 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Business Logic Errors | |||||
CVE-2021-44832 | 5 Apache, Cisco, Debian and 2 more | 22 Log4j, Cloudcenter, Debian Linux and 19 more | 2022-08-08 | 8.5 HIGH | 6.6 MEDIUM |
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | |||||
CVE-2022-31321 | 1 Boltcms | 1 Bolt | 2022-08-08 | N/A | 9.1 CRITICAL |
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. | |||||
CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2022-08-06 | N/A | 8.8 HIGH |
Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6. | |||||
CVE-2020-0368 | 1 Google | 1 Android | 2022-08-05 | 2.1 LOW | 3.3 LOW |
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143230980 | |||||
CVE-2020-27828 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2022-08-05 | 6.8 MEDIUM | 7.8 HIGH |
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||||
CVE-2022-34164 | 1 Ibm | 1 Cics Tx | 2022-08-05 | N/A | 5.5 MEDIUM |
IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. | |||||
CVE-2021-1279 | 1 Cisco | 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more | 2022-08-05 | 7.8 HIGH | 8.6 HIGH |
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1301 | 1 Cisco | 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1249 | 1 Cisco | 1 Data Center Network Manager | 2022-08-05 | 3.5 LOW | 5.4 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1137 | 1 Cisco | 1 Sd-wan Vmanage | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1459 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2022-08-05 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability. | |||||
CVE-2021-1480 | 1 Cisco | 1 Sd-wan Vmanage | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1402 | 1 Cisco | 16 Asa 5512-x, Asa 5515-x, Asa 5525-x and 13 more | 2022-08-05 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload. | |||||
CVE-2021-39220 | 1 Nextcloud | 1 Mail | 2022-08-05 | 3.5 LOW | 3.5 LOW |
Nextcloud is an open-source, self-hosted productivity platform. By default, the Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does not render images in emails, so as not to leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | |||||