Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2021-09-09 | 4.3 MEDIUM | 9.6 CRITICAL |
| This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | |||||
| CVE-2021-36078 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-36079 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-09-09 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2014-5086 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | |||||
| CVE-2018-7720 | 1 Cobub | 1 Razor | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. | |||||
| CVE-2017-5156 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | |||||
| CVE-2019-1255 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | |||||
| CVE-2018-18333 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security, Internet Security and 2 more | 2021-09-09 | 6.8 MEDIUM | 7.8 HIGH |
| A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. | |||||
| CVE-2018-8327 | 1 Microsoft | 2 Powershell Editor Services, Powershell Extension | 2021-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. | |||||
| CVE-2018-6312 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2021-09-09 | 9.0 HIGH | 7.2 HIGH |
| A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. | |||||
| CVE-2018-0986 | 1 Microsoft | 13 Exchange Server, Forefront Endpoint Protection 2010, Intune Endpoint Protection and 10 more | 2021-09-09 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. | |||||
| CVE-2020-23790 | 1 Uxper | 1 Golo | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | |||||
| CVE-2020-1002 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2021-09-09 | 6.6 MEDIUM | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1161 | 1 Microsoft | 11 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 8 more | 2021-09-09 | 6.6 MEDIUM | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | |||||
| CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2021-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2021-25643 | 1 Couchbase | 1 Couchbase Server | 2021-09-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. | |||||
| CVE-2017-5158 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. | |||||
| CVE-2021-28305 | 1 Diesel | 1 Diesel | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. | |||||
| CVE-2018-20299 | 1 Bosch | 4 360-indoor Camera, 360-indoor Camera Firmware, Eyes Outdoor Camera and 1 more | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server. | |||||
| CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | |||||