Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29263 | 1 Jetbrains | 1 Intellij Idea | 2021-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS. | |||||
| CVE-2021-27068 | 1 Microsoft | 1 Visual Studio 2019 | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2021-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177. | |||||
| CVE-2021-31914 | 2 Jetbrains, Microsoft | 2 Teamcity, Windows | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. | |||||
| CVE-2021-31906 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.0 MEDIUM | 2.7 LOW |
| In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. | |||||
| CVE-2018-12536 | 2 Eclipse, Oracle | 2 Jetty, Retail Xstore Point Of Service | 2021-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. | |||||
| CVE-2016-20010 | 1 Ewww | 1 Image Optimizer | 2021-05-13 | 7.5 HIGH | 10.0 CRITICAL |
| EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. | |||||
| CVE-2021-31517 | 1 Trendmicro | 1 Home Network Security | 2021-05-12 | 7.8 HIGH | 7.5 HIGH |
| Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518. | |||||
| CVE-2021-29240 | 1 Codesys | 1 Development System | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | |||||
| CVE-2021-28899 | 1 Live555 | 1 Streaming Media | 2021-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. | |||||
| CVE-2021-31518 | 1 Trendmicro | 1 Home Network Security | 2021-05-11 | 7.8 HIGH | 7.5 HIGH |
| Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517. | |||||
| CVE-2020-4901 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2021-05-11 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992. | |||||
| CVE-2017-8919 | 1 Netapp | 1 Oncommand Api Services | 2021-05-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. | |||||
| CVE-2017-5859 | 1 Cambiumnetworks | 3 Cnpilot R200, Cnpilot R200 Series Firmware, Cnpilot R201 | 2021-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183. | |||||
| CVE-2020-8583 | 1 Netapp | 2 Element Os, Hci | 2021-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||||
| CVE-2020-8582 | 1 Netapp | 2 Element Os, Hci | 2021-05-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | |||||
| CVE-2020-14874 | 1 Oracle | 1 Cloud Infrastructure Identity And Access Management | 2021-05-10 | 6.5 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management. | |||||
| CVE-2021-25811 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2021-05-07 | 7.8 HIGH | 7.5 HIGH |
| MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. | |||||
| CVE-2021-22393 | 1 Huawei | 7 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 4 more | 2021-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of a module design weakness. Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service. | |||||
| CVE-2018-3627 | 2 Intel, Netapp | 26 Converged Security Management Engine Firmware, Core I3, Core I5 and 23 more | 2021-05-07 | 4.6 MEDIUM | 8.2 HIGH |
| Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. | |||||
