Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28123 | 1 Cohesity | 1 Cohesity Dataplatform | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | |||||
| CVE-2021-29012 | 1 Dmasoftlab | 1 Dma Radius Manager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. | |||||
| CVE-2021-22195 | 1 Gitlab | 1 Gitlab-vscode-extension | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | |||||
| CVE-2021-29937 | 1 Telemetry Project | 1 Telemetry | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). | |||||
| CVE-2021-29932 | 1 Parse Duration Project | 1 Parse Duration | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. | |||||
| CVE-2021-28994 | 2 Kopano, Zarafa | 2 Groupware Core, Zarafa | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | |||||
| CVE-2021-22997 | 1 F5 | 1 Big-iq Centralized Management | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22991 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-29658 | 1 Vscode-rufo Project | 1 Vscode-rufo | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder. | |||||
| CVE-2021-22986 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-23985 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. | |||||
| CVE-2021-29647 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. | |||||
| CVE-2020-4848 | 1 Ibm | 1 Urbancode Deploy | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. | |||||
| CVE-2021-26810 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | |||||
| CVE-2020-19641 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'. | |||||
| CVE-2021-29416 | 1 Portswigger | 1 Burp Suite | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB. | |||||
| CVE-2020-7468 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. | |||||
| CVE-2020-25582 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 8.5 HIGH | 8.7 HIGH |
| In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | |||||
| CVE-2020-25580 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. | |||||
| CVE-2020-25579 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. | |||||