Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 172417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40469 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2021-10-19 6.5 MEDIUM 7.2 HIGH
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-40468 1 Microsoft 4 Windows 10, Windows 11, Windows Server 2016 and 1 more 2021-10-19 2.1 LOW 5.5 MEDIUM
Windows Bind Filter Driver Information Disclosure Vulnerability
CVE-2020-10724 3 Canonical, Dpdk, Fedoraproject 3 Ubuntu Linux, Data Plane Development Kit, Fedora 2021-10-19 2.1 LOW 4.4 MEDIUM
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
CVE-2021-30869 2021-10-19 N/A N/A
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
CVE-2020-1714 2 Quarkus, Redhat 7 Quarkus, Decision Manager, Jboss Fuse and 4 more 2021-10-19 6.5 MEDIUM 8.8 HIGH
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
CVE-2020-1746 2 Debian, Redhat 3 Debian Linux, Ansible Engine, Ansible Tower 2021-10-19 1.9 LOW 5.0 MEDIUM
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
CVE-2019-10170 1 Redhat 1 Keycloak 2021-10-19 6.5 MEDIUM 7.2 HIGH
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
CVE-2021-42137 1 Zammad 1 Zammad 2021-10-19 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
CVE-2021-40467 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2021-10-19 4.6 MEDIUM 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.
CVE-2021-41055 1 Gajim 1 Gajim 2021-10-19 5.0 MEDIUM 7.5 HIGH
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
CVE-2021-42135 1 Hashicorp 1 Vault 2021-10-19 4.9 MEDIUM 8.1 HIGH
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
CVE-2021-20833 1 Soda-inc 1 Snkrdunk 2021-10-19 5.8 MEDIUM 7.4 HIGH
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a crafted certificate.
CVE-2021-40466 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2021-10-19 4.6 MEDIUM 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.
CVE-2021-42109 1 Vitec 19 Avediastream M9305, Avediastream M9305 Firmware, Avediastream M9325 and 16 more 2021-10-19 10.0 HIGH 9.8 CRITICAL
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
CVE-2021-40465 1 Microsoft 12 Windows 10, Windows 11, Windows 7 and 9 more 2021-10-19 6.8 MEDIUM 7.8 HIGH
Windows Text Shaping Remote Code Execution Vulnerability
CVE-2019-10169 1 Redhat 1 Keycloak 2021-10-19 6.5 MEDIUM 7.2 HIGH
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.
CVE-2021-20832 1 Inbody 1 Inbody 2021-10-19 4.3 MEDIUM 5.3 MEDIUM
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body composition analyzer InBody Dial. This may allow an attacker who can connect to the InBody Dial with InBody App may obtain a victim's measurement result measured by InBody Dial.
CVE-2021-42325 1 Froxlor 1 Froxlor 2021-10-19 7.5 HIGH 9.8 CRITICAL
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVE-2020-25662 1 Redhat 1 Enterprise Linux 2021-10-19 3.3 LOW 6.5 MEDIUM
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-38456 1 Moxa 1 Mxview 2021-10-19 7.5 HIGH 9.8 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.