Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | |||||
| CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2019-3970 | 1 Comodo | 1 Antivirus | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures. | |||||
| CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2021-07-12 | 2.1 LOW | 3.3 LOW |
| Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | |||||
| CVE-2021-24001 | 1 Mozilla | 1 Firefox | 2021-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | |||||
| CVE-2020-18646 | 1 5none | 1 Nonecms | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | |||||
| CVE-2020-18647 | 1 5none | 1 Nonecms | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". | |||||
| CVE-2021-22550 | 1 Google | 1 Asylo | 2021-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c | |||||
| CVE-2019-9475 | 1 Google | 1 Android | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886 | |||||
| CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | |||||
| CVE-2018-16494 | 1 Versa-networks | 1 Versa Operating System | 2021-06-04 | 6.5 MEDIUM | 8.8 HIGH |
| In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers. | |||||
| CVE-2021-26309 | 1 Jetbrains | 1 Teamcity | 2021-05-19 | 2.1 LOW | 3.3 LOW |
| Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. | |||||
| CVE-2021-31410 | 1 Vaadin | 1 Designer | 2021-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | |||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2021-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | |||||
| CVE-2020-10581 | 1 Invigo | 1 Automatic Device Management | 2021-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | |||||
| CVE-2021-23958 | 1 Mozilla | 1 Firefox | 2021-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | |||||
| CVE-2020-27872 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2021-02-08 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. | |||||
| CVE-2020-26186 | 1 Dell | 2 Inspiron 5675, Inspiron 5675 Firmware | 2021-01-12 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). | |||||
| CVE-2020-26261 | 1 Jupyterhub | 1 Systemdspawner | 2020-12-10 | 3.3 LOW | 7.9 HIGH |
| jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15 | |||||