Total: 638 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas/aff Bios and 2 more | 2021-09-09 | 2.1 LOW | 6.5 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | |||||
CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2021-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfTokenizer.cpp'. | |||||
CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-08-26 | 4.3 MEDIUM | 6.4 MEDIUM |
In TP-Link Wireless N Router WR840N, an ARP poisoning attack can cause a buffer overflow. | |||||
CVE-2021-38712 | 1 Onenav | 1 Onenav | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. | |||||
CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2021-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads. | |||||
CVE-2021-32788 | 1 Discourse | 1 Discourse | 2021-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: A staff user who creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post being revealed to non-staff users as the last poster of the topic. | |||||
CVE-2019-5159 | 1 Wago | 1 E!cockpit | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. | |||||
CVE-2020-11610 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends. | |||||
CVE-2020-25040 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | |||||
CVE-2020-15816 | 1 Westerndigital | 1 Wd Discovery | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | |||||
CVE-2020-25039 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | |||||
CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php. | |||||
CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
CVE-2019-3970 | 1 Comodo | 1 Antivirus | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures. | |||||
CVE-2020-16268 | 1 1e | 1 Client | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | |||||
CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2021-07-12 | 2.1 LOW | 3.3 LOW |
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | |||||
CVE-2021-24001 | 1 Mozilla | 1 Firefox | 2021-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | |||||
CVE-2020-18646 | 1 5none | 1 Nonecms | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | |||||