Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2024-07-26 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-29583 | 1 Zyxel | 60 Atp100, Atp100 Firmware, Atp100w and 57 more | 2024-07-26 | 10.0 HIGH | 9.8 CRITICAL |
| Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | |||||
| CVE-2021-41773 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2024-07-26 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | |||||
| CVE-2021-42013 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Cloud Backup and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | |||||
| CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30633 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-37975 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37976 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2021-36948 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2024-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-36942 | 1 Microsoft | 6 Windows Server 2004, Windows Server 2008, Windows Server 2012 and 3 more | 2024-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| Windows LSA Spoofing Vulnerability | |||||
| CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2024-07-26 | 6.5 MEDIUM | 8.8 HIGH |
| An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
| CVE-2021-34448 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-26 | 9.3 HIGH | 6.8 MEDIUM |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-34473 | 1 Microsoft | 1 Exchange Server | 2024-07-26 | 10.0 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-33771 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-07-26 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-31979 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-07-26 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-31207 | 1 Microsoft | 1 Exchange Server | 2024-07-26 | 6.5 MEDIUM | 6.6 MEDIUM |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-07-26 | N/A | 9.8 CRITICAL |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2024-07-26 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | |||||