Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35580 | 1 Searchblox | 1 Searchblox | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. | |||||
| CVE-2021-29686 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015 | |||||
| CVE-2021-29659 | 1 Owncloud | 1 Owncloud | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance. | |||||
| CVE-2021-27925 | 1 Couchbase | 1 Couchbase Server | 2022-07-12 | 3.5 LOW | 4.4 MEDIUM |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file. | |||||
| CVE-2021-29747 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775. | |||||
| CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | |||||
| CVE-2021-27734 | 1 Belden | 2 Hirschmann Hios, Hisecos | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. | |||||
| CVE-2021-31728 | 1 Malwarefox | 1 Antimalware | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges. | |||||
| CVE-2021-31727 | 1 Malwarefox | 1 Antimalware | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile. | |||||
| CVE-2021-20429 | 1 Ibm | 1 Qradar User Behavior Analytics | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334. | |||||
| CVE-2020-27184 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. | |||||
| CVE-2021-31922 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | |||||
| CVE-2021-32920 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | |||||
| CVE-2021-22154 | 1 Blackberry | 1 Unified Endpoint Management | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history. | |||||
| CVE-2020-24587 | 6 Arista, Cisco, Debian and 3 more | 332 C-100, C-100 Firmware, C-110 and 329 more | 2022-07-12 | 1.8 LOW | 2.6 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. | |||||
| CVE-2021-31207 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | |||||
| CVE-2021-28474 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26418 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-07-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172. | |||||
| CVE-2021-27619 | 1 Sap | 1 Commerce | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure. | |||||
| CVE-2021-27616 | 1 Sap | 2 Business-one-hana-chef-cookbook, Business One | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. | |||||