Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25753 | 1 Enphase | 2 Envoy, Envoy Firmware | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | |||||
| CVE-2021-21997 | 2 Microsoft, Vmware | 2 Windows, Tools | 2021-06-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | |||||
| CVE-2021-23845 | 1 Bosch | 8 B426, B426-cn, B426-cn Firmware and 5 more | 2021-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed starting from version 3.08, which was released in June 2019. | |||||
| CVE-2017-15567 | 1 Idemia | 2 Mso 1300, Mso 1300 Firmware | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK. | |||||
| CVE-2021-34682 | 1 Gov | 1 Imposto De Renda Da Pessoa Fisica 2021 | 2021-06-23 | 4.3 MEDIUM | 3.7 LOW |
| Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | |||||
| CVE-2021-32575 | 1 Hashicorp | 1 Nomad | 2021-06-22 | 3.3 LOW | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | |||||
| CVE-2021-26996 | 1 Netapp | 1 E-series Santricity Os Controller | 2021-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. | |||||
| CVE-2021-26995 | 1 Netapp | 1 E-series Santricity Os Controller | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. | |||||
| CVE-2021-26993 | 1 Netapp | 1 E-series Santricity Os Controller | 2021-06-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. | |||||
| CVE-2021-29706 | 1 Ibm | 1 Aix | 2021-06-22 | 3.6 LOW | 7.1 HIGH |
| IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. | |||||
| CVE-2018-6436 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
| CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
| CVE-2018-6435 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
| CVE-2018-6440 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | |||||
| CVE-2018-6437 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
| CVE-2018-6442 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. | |||||
| CVE-2018-6438 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
| CVE-2017-6227 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2021-06-22 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | |||||
| CVE-2018-6441 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables and bypass the restricted configuration shell. | |||||
| CVE-2008-5110 | 1 Oneidentity | 1 Syslog-ng | 2021-06-22 | 9.3 HIGH | N/A |
| syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9. | |||||
