Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 172417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-3567 1 Cisco 2 Industrial Network Director, Network Level Service 2021-10-19 6.8 MEDIUM 6.5 MEDIUM
A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND.
CVE-2021-33609 1 Vaadin 1 Vaadin 2021-10-19 4.0 MEDIUM 4.3 MEDIUM
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
CVE-2020-3572 1 Cisco 2 Adaptive Security Appliance, Firepower Threat Defense 2021-10-19 5.0 MEDIUM 8.6 HIGH
A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device.
CVE-2020-3571 1 Cisco 9 Firepower 4110, Firepower 4112, Firepower 4115 and 6 more 2021-10-19 7.8 HIGH 8.6 HIGH
A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload.
CVE-2020-3568 1 Cisco 1 Asyncos 2021-10-19 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.
CVE-2020-3573 1 Cisco 2 Webex Meetings, Webex Meetings Server 2021-10-19 9.3 HIGH 7.8 HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
CVE-2020-3577 1 Cisco 1 Firepower Threat Defense 2021-10-19 6.1 MEDIUM 7.4 HIGH
A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload.
CVE-2020-3595 1 Cisco 1 Sd-wan 2021-10-19 7.2 HIGH 7.8 HIGH
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.
CVE-2021-40473 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2021-10-19 6.8 MEDIUM 7.8 HIGH
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
CVE-2021-41799 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2021-10-19 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
CVE-2020-3603 1 Cisco 2 Webex Meetings, Webex Meetings Server 2021-10-19 9.3 HIGH 7.8 HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
CVE-2020-3600 1 Cisco 1 Sd-wan 2021-10-19 7.2 HIGH 7.8 HIGH
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.
CVE-2021-40472 1 Microsoft 6 365 Apps, Excel, Office and 3 more 2021-10-19 2.1 LOW 5.5 MEDIUM
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-3604 1 Cisco 1 Webex Meetings 2021-10-19 9.3 HIGH 7.8 HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
CVE-2021-40463 1 Microsoft 8 Windows 10, Windows 11, Windows 8.1 and 5 more 2021-10-19 4.0 MEDIUM 6.5 MEDIUM
Windows NAT Denial of Service Vulnerability
CVE-2021-40471 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2021-10-19 6.8 MEDIUM 7.8 HIGH
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
CVE-2021-40464 1 Microsoft 5 Windows 10, Windows Server, Windows Server 2004 and 2 more 2021-10-19 5.2 MEDIUM 8.0 HIGH
Windows Nearby Sharing Elevation of Privilege Vulnerability
CVE-2021-40470 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2021-10-19 4.6 MEDIUM 7.8 HIGH
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2021-20834 1 Nike 1 Nike 2021-10-19 5.8 MEDIUM 6.1 MEDIUM
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-25966 1 Orchardcore 1 Orchard Core 2021-10-19 6.8 MEDIUM 8.8 HIGH
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.