Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20720 1 Cisco 2 Ios Xe, Ir510 Operating System 2022-04-26 9.0 HIGH 7.2 HIGH
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-28970 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2022-04-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
CVE-2022-20721 1 Cisco 2 Ios Xe, Ir510 Operating System 2022-04-26 6.8 MEDIUM 4.9 MEDIUM
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2022-04-26 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2020-28940 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2022-04-26 7.5 HIGH 9.8 CRITICAL
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
CVE-2020-29368 2 Linux, Netapp 9 Linux Kernel, Cloud Backup, Element Software and 6 more 2022-04-26 6.9 MEDIUM 7.0 HIGH
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29136 1 Cpanel 1 Cpanel 2022-04-26 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
CVE-2020-29040 1 Xen 1 Xen 2022-04-26 4.6 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.
CVE-2020-28924 2 Fedoraproject, Rclone 2 Fedora, Rclone 2022-04-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
CVE-2021-3308 2 Fedoraproject, Xen 2 Fedora, Xen 2022-04-26 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
CVE-2021-3278 1 Local Services Search Engine Management System Project 1 Local Services Search Engine Management System 2022-04-26 7.5 HIGH 9.8 CRITICAL
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
CVE-2020-8698 5 Debian, Fedoraproject, Intel and 2 more 49 Debian Linux, Fedora, Core I3-1000g1 and 46 more 2022-04-26 2.1 LOW 5.5 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0591 2 Intel, Siemens 202 Bios, Core I5-7640x, Core I7-3820 and 199 more 2022-04-26 4.6 MEDIUM 6.7 MEDIUM
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-17010 1 Microsoft 2 Windows 10, Windows Server 2016 2022-04-26 7.2 HIGH 7.8 HIGH
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.
CVE-2021-3318 1 Dzzoffice 1 Dzzoffice 2022-04-26 4.3 MEDIUM 6.1 MEDIUM
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-0454 1 Google 1 Android 2022-04-26 2.1 LOW 5.5 MEDIUM
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134
CVE-2020-0452 2 Fedoraproject, Google 2 Fedora, Android 2022-04-26 7.5 HIGH 9.8 CRITICAL
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
CVE-2020-25966 1 Sectona 1 Spectra 2022-04-26 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system."
CVE-2020-11854 1 Microfocus 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more 2022-04-26 10.0 HIGH 9.8 CRITICAL
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
CVE-2020-7753 1 Trim Project 1 Trim 2022-04-26 5.0 MEDIUM 7.5 HIGH
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().