Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25146 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-06-03 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25144 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-06-03 | 9.0 HIGH | 8.8 HIGH |
| A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-29470 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2022-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. | |||||
| CVE-2021-32640 | 2 Netapp, Ws Project | 2 E-series Performance Analyzer, Ws | 2022-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options. | |||||
| CVE-2021-26931 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-06-03 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. | |||||
| CVE-2021-29489 | 2 Highcharts, Netapp | 5 Highcharts, Cloud Backup, Oncommand Insight and 2 more | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup. | |||||
| CVE-2021-29478 | 2 Fedoraproject, Redislabs | 2 Fedora, Redis | 2022-06-03 | 6.0 MEDIUM | 8.8 HIGH |
| Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. | |||||
| CVE-2021-29477 | 2 Fedoraproject, Redislabs | 2 Fedora, Redis | 2022-06-03 | 6.5 MEDIUM | 8.8 HIGH |
| Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. | |||||
| CVE-2021-31231 | 1 Grafana | 1 Enterprise Metrics | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-33038 | 2 Debian, Hyperkitty Project | 2 Debian Linux, Hyperkitty | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. | |||||
| CVE-2017-2838 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2837 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2840 | 1 Ezbsystems | 1 Ultraiso | 2022-06-03 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | |||||
| CVE-2017-2839 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2836 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2869 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2868 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2867 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2861 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2853 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||