Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8566 | 1 Apple | 1 Iphone Os | 2021-07-21 | 4.3 MEDIUM | 3.3 LOW |
| An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user. | |||||
| CVE-2020-25614 | 1 Xmlquery Project | 1 Xmlquery | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. | |||||
| CVE-2020-9254 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. | |||||
| CVE-2020-1195 | 1 Microsoft | 1 Edge | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-2051 | 1 Google | 1 Android | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117555811 | |||||
| CVE-2019-8515 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | |||||
| CVE-2019-20430 | 1 Lustre | 1 Lustre | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. | |||||
| CVE-2020-35623 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space. | |||||
| CVE-2019-11098 | 1 Tianocore | 1 Edk Ii | 2021-07-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | |||||
| CVE-2013-2143 | 2 Redhat, Theforeman | 2 Network Satellite, Katello | 2021-07-16 | 6.5 MEDIUM | N/A |
| The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | |||||
| CVE-2009-5136 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
| The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
| CVE-2013-4255 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 3.5 LOW | N/A |
| The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.8 MEDIUM | N/A |
| The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-1090 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||||
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| cumin: At installation postgresql database user created without password | |||||
| CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 5.0 MEDIUM | N/A |
| Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | |||||
| CVE-2021-0600 | 1 Google | 1 Android | 2021-07-15 | 6.9 MEDIUM | 7.8 HIGH |
| In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963 | |||||
| CVE-2021-25428 | 1 Google | 1 Android | 2021-07-14 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | |||||
| CVE-2021-25434 | 1 Linux | 1 Tizen | 2021-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. | |||||