Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23426 | 1 Proto Project | 1 Proto | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. | |||||
| CVE-2015-5122 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more | 2021-09-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. | |||||
| CVE-2016-3684 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2021-09-08 | 1.9 LOW | 4.7 MEDIUM |
| SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. | |||||
| CVE-2021-28633 | 1 Adobe | 1 Creative Cloud Desktop Application | 2021-08-31 | 3.6 LOW | 6.1 MEDIUM |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | |||||
| CVE-2012-4817 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 5.0 MEDIUM | N/A |
| The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2008-0149 | 1 Tutos | 1 Tutos | 2021-08-30 | 5.0 MEDIUM | N/A |
| TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2021-3616 | 1 Lenovo | 6 Smart Camera C2e, Smart Camera C2e Firmware, Smart Camera X3 and 3 more | 2021-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. | |||||
| CVE-2002-2199 | 1 Freebsd | 1 Advanced Intrusion Detection Environment | 2021-08-27 | 4.6 MEDIUM | N/A |
| The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection. | |||||
| CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2021-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | |||||
| CVE-2021-31338 | 1 Siemens | 1 Sinema Remote Connect | 2021-08-26 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. | |||||
| CVE-2009-0629 | 1 Cisco | 2 Ios, Ios Xr | 2021-08-25 | 5.4 MEDIUM | N/A |
| The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | |||||
| CVE-2021-3352 | 1 Mitel | 1 Micontact Center Business | 2021-08-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | |||||
| CVE-2020-36474 | 1 Safecurl Project | 1 Safecurl | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SafeCurl before 0.9.2 has a DNS rebinding vulnerability. | |||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2021-08-19 | 3.5 LOW | 3.5 LOW |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2021-08-19 | 3.5 LOW | 3.5 LOW |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | |||||
| CVE-2021-20420 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. | |||||
| CVE-2006-1236 | 1 Crossfire | 1 Crossfire | 2021-08-18 | 7.5 HIGH | N/A |
| Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | |||||
| CVE-2019-1625 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2021-08-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user. | |||||
| CVE-2020-3186 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied. | |||||
| CVE-2021-29973 | 1 Mozilla | 1 Firefox | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||