Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39818 | 1 Adobe | 1 Incopy | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-27044 | 1 Autodesk | 1 Fbx Review | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. | |||||
| CVE-2022-26807 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 4.4 MEDIUM | 7.0 HIGH |
| Windows Work Folder Service Elevation of Privilege Vulnerability. | |||||
| CVE-2021-32834 | 1 Eclipse | 1 Keti | 2022-04-25 | 6.5 MEDIUM | 9.9 CRITICAL |
| Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. | |||||
| CVE-2021-28568 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2022-04-25 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | |||||
| CVE-2021-39115 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2022-04-25 | 9.0 HIGH | 7.2 HIGH |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. | |||||
| CVE-2021-36065 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36059 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-36037 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. | |||||
| CVE-2021-28626 | 1 Adobe | 1 Experience Manager | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-3554 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2022-04-25 | 7.5 HIGH | 10.0 CRITICAL |
| Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | |||||
| CVE-2021-36311 | 1 Dell | 1 Emc Networker | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | |||||
| CVE-2021-36301 | 1 Dell | 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware | 2022-04-25 | 6.5 MEDIUM | 7.2 HIGH |
| Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. | |||||
| CVE-2021-36308 | 1 Dell | 1 Networking Os10 | 2022-04-25 | 9.3 HIGH | 9.8 CRITICAL |
| Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. | |||||
| CVE-2022-20681 | 1 Cisco | 1 Ios Xe | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. | |||||
| CVE-2021-35528 | 1 Hitachienergy | 2 Counterparty Settlements And Billing, Retail Operations | 2022-04-25 | 3.6 LOW | 7.1 HIGH |
| Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. | |||||
| CVE-2021-42250 | 1 Apache | 1 Superset | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. | |||||
| CVE-2021-43172 | 1 Nlnetlabs | 1 Routinator | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. | |||||