Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36367 | 1 Putty | 1 Putty | 2021-07-14 | 5.8 MEDIUM | 8.1 HIGH |
| PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). | |||||
| CVE-2021-23998 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||
| CVE-2021-29963 | 1 Mozilla | 1 Firefox | 2021-06-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-33887 | 1 Onepeloton | 2 Ttr01, Ttr01 Firmware | 2021-06-24 | 7.2 HIGH | 6.8 MEDIUM |
| Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. | |||||
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2021-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | |||||
| CVE-2021-32665 | 1 Wire | 1 Wire | 2021-06-11 | 5.0 MEDIUM | 6.5 MEDIUM |
| wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation. | |||||
| CVE-2020-11985 | 1 Apache | 1 Http Server | 2021-06-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. | |||||
| CVE-2020-24395 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2021-06-03 | 7.2 HIGH | 6.8 MEDIUM |
| The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device. | |||||
| CVE-2021-21231 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | |||||
| CVE-2021-22339 | 1 Huawei | 1 Manageone | 2021-05-26 | 3.5 LOW | 6.5 MEDIUM |
| There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. | |||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2021-05-07 | 4.6 MEDIUM | 7.8 HIGH |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | |||||
| CVE-2021-31783 | 1 Piwigo | 1 Localfiles Editor | 2021-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | |||||
| CVE-2015-6854 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
| CVE-2015-6853 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
| CVE-2021-21320 | 1 Matrix-react-sdk Project | 1 Matrix-react-sdk | 2021-03-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. | |||||
| CVE-2014-0364 | 1 Igniterealtime | 1 Smack | 2021-02-23 | 5.0 MEDIUM | N/A |
| The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute. | |||||
| CVE-2021-3349 | 1 Gnome | 1 Evolution | 2021-02-08 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. | |||||
| CVE-2020-26547 | 1 Monal | 1 Monal | 2021-02-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim. | |||||
| CVE-2013-7398 | 2 Async-http-client Project, Redhat | 2 Async-http-client, Jboss Fuse | 2020-12-15 | 4.3 MEDIUM | N/A |
| main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | |||||