Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14023 | 1 Siemens | 2 Simatic Pcs7, Simatic Wincc | 2021-11-15 | 4.0 MEDIUM | 4.9 MEDIUM |
| An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | |||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-11-10 | 5.8 MEDIUM | 4.8 MEDIUM |
| nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | |||||
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | |||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2021-11-09 | 7.2 HIGH | 7.8 HIGH |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | |||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | |||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2021-11-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | |||||
| CVE-2021-34597 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2021-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | |||||
| CVE-2021-41585 | 1 Apache | 1 Traffic Server | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. | |||||
| CVE-2020-12001 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2021-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. | |||||
| CVE-2019-5461 | 1 Gitlab | 1 Gitlab | 2021-11-03 | 4.0 MEDIUM | 3.5 LOW |
| An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | |||||
| CVE-2021-22491 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22457 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 2.1 LOW | 3.3 LOW |
| A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. | |||||
| CVE-2021-22467 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. | |||||
| CVE-2011-4124 | 1 Calibre-ebook | 1 Calibre | 2021-11-01 | 10.0 HIGH | 9.8 CRITICAL |
| Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | |||||
| CVE-2021-26607 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2021-11-01 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | |||||
| CVE-2019-1971 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2021-10-29 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2019-1961 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2021-10-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. | |||||
| CVE-2019-1954 | 1 Cisco | 1 Webex Meetings Server | 2021-10-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2019-1952 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2021-10-29 | 4.6 MEDIUM | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device. | |||||