Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-25677 | 1 Siemens | 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more | 2022-04-22 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
| CVE-2021-27393 | 1 Siemens | 3 Nucleus Net, Nucleus Readystart V3, Nucleus Source Code | 2022-04-22 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
| CVE-2020-26141 | 3 Alfa, Cisco, Siemens | 190 Awus036h, Awus036h Firmware, Ip Conference Phone 8832 and 187 more | 2022-04-22 | 3.3 LOW | 6.5 MEDIUM | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. |
| CVE-2019-5532 | 1 Vmware | 1 Vcenter Server | 2022-04-22 | 4.0 MEDIUM | 7.7 HIGH | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). |
| CVE-2019-10071 | 1 Apache | 1 Tapestry | 2022-04-22 | 6.8 MEDIUM | 9.8 CRITICAL | The code which checks the HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant-time algorithm instead. |
| CVE-2019-14998 | 1 Atlassian | 1 Jira Server | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. |
| CVE-2019-14995 | 1 Atlassian | 1 Jira Server | 2022-04-22 | 5.0 MEDIUM | 5.3 MEDIUM | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid, via a missing permissions check. |
| CVE-2019-5427 | 3 Fedoraproject, Mchange, Oracle | 11 Fedora, C3p0, Communications Ip Service Activator and 8 more | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration, due to missing protections against recursive entity expansion when loading configuration. |
| CVE-2018-16529 | 1 Forcepoint | 1 Email Security | 2022-04-22 | 5.0 MEDIUM | 9.8 CRITICAL | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. |
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 6.7 MEDIUM | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. |
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. |
| CVE-2015-9323 | 1 Duckdev | 1 404 To 301 | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL | The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. |
| CVE-2022-24850 | 1 Discourse | 1 Discourse | 2022-04-22 | 4.0 MEDIUM | 4.3 MEDIUM | Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem. |
| CVE-2021-26471 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL | In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php accepts a command argument. Using this command argument, an unauthenticated attacker can execute arbitrary shell commands. |
| CVE-2021-26473 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL | In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php, action logFilePath, allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server. |
| CVE-2018-10923 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2022-04-22 | 5.5 MEDIUM | 8.1 HIGH | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. |
| CVE-2018-10914 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2022-04-22 | 4.0 MEDIUM | 6.5 MEDIUM | It was found that an attacker could issue an xattr request via glusterfs FUSE to cause the gluster brick process to crash, which will result in a remote denial of service. If gluster multiplexing is enabled, this will result in a crash of multiple bricks and gluster volumes. |
| CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL | umount through 1.1.6 is vulnerable to Command Injection. The device argument can be controlled by users without any sanitization. |
| CVE-2020-11450 | 1 Microstrategy | 1 Microstrategy Web | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH | MicroStrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. |
| CVE-2020-10955 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2022-04-22 | 4.0 MEDIUM | 6.5 MEDIUM | GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. |
