Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4435 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086. | |||||
| CVE-2017-9977 | 2 Apple, Avg | 2 Macos, Anti-virus | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | |||||
| CVE-2018-1000101 | 1 Mingw-w64 | 1 Mingw-w64 | 2021-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network. | |||||
| CVE-2021-40387 | 1 Kaseya | 1 Unitrends Backup Software | 2021-09-07 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. | |||||
| CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2021-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | |||||
| CVE-2021-40147 | 1 Emtec | 1 Zoc | 2021-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. | |||||
| CVE-2020-25816 | 1 Hashicorp | 1 Vault | 2021-09-07 | 4.9 MEDIUM | 6.8 MEDIUM |
| HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4. | |||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
| CVE-2021-29801 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | |||||
| CVE-2021-1590 | 1 Cisco | 103 Nexus 3000, Nexus 3048, Nexus 31108pc-v and 100 more | 2021-09-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device. | |||||
| CVE-2017-16875 | 1 Teluu | 1 Pjsip | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations. | |||||
| CVE-2021-39271 | 1 Bscw | 1 Bscw Classic | 2021-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. | |||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | |||||
| CVE-2021-36929 | 1 Microsoft | 1 Edge Chromium | 2021-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2014-0930 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.7 MEDIUM | N/A |
| The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | |||||
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | |||||
| CVE-2021-23432 | 1 Mootools Project | 1 Mootools | 2021-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() | |||||
| CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2021-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | |||||
| CVE-2020-17119 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Outlook Information Disclosure Vulnerability | |||||