Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1000014 | 1 Erlang | 1 Rebar3 | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a signing oracle vulnerability in package registry verification that can result in package modifications going undetected, allowing code execution. This attack appears to be exploitable when a victim fetches packages from a malicious or compromised mirror. This vulnerability appears to have been fixed in 3.8.0. | |||||
| CVE-2019-10028 | 1 Netflix | 1 Dial Reference | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of Service (DoS) in Dial Reference source code used before June 18th, 2019. | |||||
| CVE-2019-10044 | 2 Microsoft, Telegram | 3 Windows, Telegram, Telegram Desktop | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | |||||
| CVE-2019-15687 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (such as the Windows version, the version of the product, and the host unique ID). Information Disclosure. | |||||
| CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | |||||
| CVE-2019-16353 | 1 Geautomation | 1 Proficy | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | |||||
| CVE-2019-15514 | 1 Telegram | 1 Telegram | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | |||||
| CVE-2019-11173 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | |||||
| CVE-2019-15330 | 1 Webp Express Project | 1 Webp Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | |||||
| CVE-2019-0190 | 3 Apache, Openssl, Oracle | 6 Http Server, Openssl, Enterprise Manager Ops Center and 3 more | 2021-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. | |||||
| CVE-2017-7656 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2021-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. | |||||
| CVE-2019-2897 | 1 Oracle | 1 Business Intelligence | 2021-07-20 | 5.5 MEDIUM | 6.4 MEDIUM |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). | |||||
| CVE-2021-34509 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-20 | 2.1 LOW | 5.5 MEDIUM |
| Storage Spaces Controller Information Disclosure Vulnerability | |||||
| CVE-2021-34518 | 1 Microsoft | 2 Excel, Office Web Apps Server | 2021-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34501. | |||||
| CVE-2021-34476 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Bowser.sys Denial of Service Vulnerability | |||||
| CVE-2021-34479 | 1 Microsoft | 1 Visual Studio Code | 2021-07-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Visual Studio Spoofing Vulnerability | |||||
| CVE-2021-34490 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-31183, CVE-2021-33772. | |||||
| CVE-2021-34489 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-19 | 6.8 MEDIUM | 7.8 HIGH |
| DirectWrite Remote Code Execution Vulnerability | |||||
| CVE-2021-34491 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| Win32k Information Disclosure Vulnerability | |||||
| CVE-2021-34492 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-19 | 5.8 MEDIUM | 8.1 HIGH |
| Windows Certificate Spoofing Vulnerability | |||||
