Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2593 | 1 Oracle | 1 Application Server | 2021-07-13 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594. | |||||
| CVE-2009-0993 | 1 Oracle | 1 Application Server | 2021-07-13 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log. | |||||
| CVE-2020-3141 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2021-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-33012 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 Firmware | 2021-07-12 | 5.0 MEDIUM | 8.6 HIGH |
| Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. | |||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 MEDIUM | 7.2 HIGH |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | |||||
| CVE-2021-22226 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.9 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | |||||
| CVE-2021-22229 | 1 Gitlab | 1 Gitlab | 2021-07-08 | 4.3 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. | |||||
| CVE-2020-26763 | 1 Rocket.chat | 1 Rocket.chat | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. | |||||
| CVE-2021-20778 | 1 Ec-cube | 1 Ec-cube | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-24113 | 1 Microsoft | 1 Edge Chromium | 2021-07-08 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2018-5241 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | |||||
| CVE-2019-18375 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | |||||
| CVE-2017-13677 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. | |||||
| CVE-2021-1723 | 2 Fedoraproject, Microsoft | 3 Fedora, Asp.net Core, Visual Studio 2019 | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-24112 | 1 Microsoft | 4 .net, .net Core, Mono and 1 more | 2021-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| .NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701. | |||||
| CVE-2021-31957 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, .net Core and 1 more | 2021-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Denial of Service Vulnerability | |||||
| CVE-2016-3465 | 1 Oracle | 1 Solaris | 2021-07-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS. | |||||
| CVE-2019-2807 | 1 Oracle | 1 Solaris | 2021-07-07 | 3.3 LOW | 3.9 LOW |
| Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
| CVE-2019-2787 | 1 Oracle | 1 Solaris | 2021-07-07 | 4.0 MEDIUM | 4.2 MEDIUM |
| Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). | |||||