Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1446 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.1 LOW | N/A |
| Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. | |||||
| CVE-2021-33689 | 1 Sap | 1 Netweaver Application Server Java | 2021-07-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. | |||||
| CVE-2021-0604 | 1 Google | 1 Android | 2021-07-16 | 1.9 LOW | 5.5 MEDIUM |
| In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660 | |||||
| CVE-2009-5005 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.0 MEDIUM | N/A |
| The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | |||||
| CVE-2010-3083 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 4.3 MEDIUM | N/A |
| sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. | |||||
| CVE-2009-5006 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
| The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. | |||||
| CVE-2021-36123 | 1 Echobh | 1 Sharecare | 2021-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths. | |||||
| CVE-2021-21589 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2021-07-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. | |||||
| CVE-2011-0064 | 2 Gnome, Mozilla | 2 Pango, Firefox | 2021-07-14 | 6.8 MEDIUM | N/A |
| The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||
| CVE-2021-20414 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. | |||||
| CVE-2021-32741 | 1 Nextcloud | 1 Nextcloud Server | 2021-07-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | |||||
| CVE-2021-36153 | 1 Linuxfoundation | 1 Grpc Swift | 2021-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. | |||||
| CVE-2007-1344 | 1 Xiph | 1 Icecast Ezstream | 2021-07-12 | 9.3 HIGH | N/A |
| Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2021-33216 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||||
| CVE-2021-23991 | 1 Mozilla | 1 Thunderbird | 2021-07-08 | 4.0 MEDIUM | 6.8 MEDIUM |
| If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. | |||||
| CVE-2021-29479 | 1 Ratpack Project | 1 Ratpack | 2021-07-08 | 4.0 MEDIUM | 6.1 MEDIUM |
| Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key. Users are only vulnerable if they do not configure a custom `PublicAddress` instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of `PublicAddress` which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that `ServerConfigBuilder::publicAddress` correctly configures the server in production. | |||||
| CVE-2021-36126 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user. | |||||
| CVE-2010-4182 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Vista and 1 more | 2021-07-07 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2020-9158 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. | |||||
| CVE-2021-22375 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity. | |||||