Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1364 | 1 Cisco | 1 Wireless Lan Controller Software | 2021-08-19 | 7.8 HIGH | 7.5 HIGH |
| Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908. | |||||
| CVE-2021-33708 | 1 Kyma-project | 1 Kyma | 2021-08-18 | 6.5 MEDIUM | 8.8 HIGH |
| Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | |||||
| CVE-2021-33706 | 1 Sap | 1 Infrabox | 2021-08-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | |||||
| CVE-2021-37788 | 1 Gurock | 1 Testrail | 2021-08-17 | 4.3 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link. | |||||
| CVE-2020-15194 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-08-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1." | |||||
| CVE-2020-15197 | 1 Google | 1 Tensorflow | 2021-08-17 | 3.5 LOW | 6.3 MEDIUM |
| In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | |||||
| CVE-2021-29714 | 1 Ibm | 1 Content Navigator | 2021-08-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. | |||||
| CVE-2014-5087 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2021-32795 | 1 Archisteamfarm Project | 1 Archisteamfarm | 2021-08-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allows attacker to remotely crash running ASF instance through sending a specifically-crafted Steam chat message exists. The user sending the message does not need to be authorized within the bot or ASF process. The attacker needs to know ASF's `CommandPrefix` in advance, but majority of ASF setups run with an unchanged default value. This attack does not allow attacker to gain any potentially-sensitive information, such as logins or passwords, does not allow to execute arbitrary commands and otherwise exploit the crash further. The issue is patched in ASF V4.3.1.0. The only workaround which guarantees complete protection is running all bots with `OnlineStatus` of `0` (Offline). In this setup, ASF is able to ignore even the specifically-crafted message without attempting to interpret it. | |||||
| CVE-2021-26605 | 2 Microsoft, Unidocs | 2 Windows, Ezpdfreader | 2021-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. | |||||
| CVE-2021-26606 | 2 Dreamsecurity, Microsoft | 2 Magicline4nx.exe, Windows | 2021-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system. | |||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2021-08-13 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | |||||
| CVE-2020-3191 | 1 Cisco | 26 Adaptive Security Appliance, Asa 5505, Asa 5505 Firmware and 23 more | 2021-08-12 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. | |||||
| CVE-2020-3130 | 1 Cisco | 1 Unity Connection | 2021-08-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. | |||||
| CVE-2020-3133 | 1 Cisco | 1 Email Security Appliance | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device. | |||||
| CVE-2020-3161 | 1 Cisco | 26 8831, 8831 Firmware, Ip Phone 7811 and 23 more | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. | |||||
| CVE-2020-3162 | 1 Cisco | 1 Iot Field Network Director | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. | |||||
| CVE-2020-3194 | 1 Cisco | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2021-08-12 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2020-3201 | 1 Cisco | 2 Ios, Ios Xe | 2021-08-12 | 4.9 MEDIUM | 6.0 MEDIUM |
| A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2020-3116 | 1 Cisco | 2 Webex Meetings Online, Webex Meetings Server | 2021-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly. | |||||