Total
9740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30004 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |||||
| CVE-2021-33661 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-7832 | 2 Dext5, Microsoft | 2 Dext5, Windows | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832) | |||||
| CVE-2021-26605 | 2 Microsoft, Unidocs | 2 Windows, Ezpdfreader | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. | |||||
| CVE-2021-29468 | 1 Cygwin | 1 Git | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio. | |||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | |||||
| CVE-2021-25441 | 2 Google, Samsung | 2 Android, Ar Emoji Editor | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. | |||||
| CVE-2021-22397 | 1 Huawei | 1 Manageone | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service. | |||||
| CVE-2021-37692 | 1 Google | 1 Tensorflow | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until `NewTensor` returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. | |||||
| CVE-2021-0084 | 1 Intel | 8 Ethernet Controller E810, Ethernet Controller E810 Firmware, X722da2 and 5 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-1562 | 1 Cisco | 1 Broadworks Application Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. | |||||
| CVE-2021-20762 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege. | |||||
| CVE-2021-22152 | 1 Blackberry | 1 Unified Endpoint Management | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections. | |||||
| CVE-2020-12526 | 1 Beckhoff | 3 Ipc Diagnostics Ua Server, Tf6100, Twincat Opc Ua Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs. | |||||
| CVE-2018-1110 | 1 Nic | 1 Knot Resolver | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. | |||||
| CVE-2020-8700 | 2 Intel, Netapp | 546 Bios, Core I3-l13g4, Core I5-l16g7 and 543 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11098 | 1 Tianocore | 1 Edk Ii | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | |||||
| CVE-2021-37595 | 2 Freerdp, Microsoft | 2 Freerdp, Windows | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. | |||||
| CVE-2021-31401 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. | |||||
| CVE-2021-22116 | 2 Debian, Vmware | 2 Debian Linux, Rabbitmq | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. | |||||