Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31940 | 1 Microsoft | 2 365 Apps, Office | 2021-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31941. | |||||
| CVE-2021-31941 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2021-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31940. | |||||
| CVE-2021-30181 | 1 Apache | 1 Dubbo | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code. | |||||
| CVE-2021-23388 | 1 Forms Project | 1 Forms | 2021-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. | |||||
| CVE-2021-31702 | 1 Frontiersoftware | 1 Ichris | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. | |||||
| CVE-2020-36009 | 1 Obottle Project | 1 Obottle | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability. | |||||
| CVE-2020-36008 | 1 Obottle Project | 1 Obottle | 2021-06-09 | 5.5 MEDIUM | 8.1 HIGH |
| OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability. | |||||
| CVE-2020-36005 | 1 Appcms | 1 Appcms | 2021-06-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | |||||
| CVE-2020-36006 | 1 Appcms | 1 Appcms | 2021-06-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | |||||
| CVE-2021-23369 | 1 Handlebarsjs | 1 Handlebars | 2021-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | |||||
| CVE-2021-22364 | 1 Huawei | 4 Mate 30, Mate 30 5g, Mate 30 5g Firmware and 1 more | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G). A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition. | |||||
| CVE-2019-4031 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-06-07 | 7.2 HIGH | 7.8 HIGH |
| IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997. | |||||
| CVE-2009-1955 | 7 Apache, Apple, Canonical and 4 more | 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |||||
| CVE-2009-3720 | 3 A M Kuchling, James Clark, Python | 3 Pyxml, Expat, Python | 2021-06-06 | 5.0 MEDIUM | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | |||||
| CVE-2010-0425 | 2 Apache, Microsoft | 2 Http Server, Windows | 2021-06-06 | 10.0 HIGH | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | |||||
| CVE-2019-0215 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2021-06-06 | 6.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | |||||
| CVE-2018-1283 | 5 Apache, Canonical, Debian and 2 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2021-06-06 | 3.5 LOW | 5.3 MEDIUM |
| In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | |||||
| CVE-2018-11763 | 5 Apache, Canonical, Netapp and 2 more | 9 Http Server, Ubuntu Linux, Storage Automation Store and 6 more | 2021-06-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | |||||
| CVE-2021-28326 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-06-04 | 3.6 LOW | 6.1 MEDIUM |
| Windows AppX Deployment Server Denial of Service Vulnerability | |||||
| CVE-2021-28453 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2021-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
