Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-10817 1 Intercom 1 Malion 2021-05-17 7.5 HIGH 9.8 CRITICAL
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.
CVE-2017-10816 1 Intercom 1 Malion 2021-05-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.
CVE-2021-23901 2 Apache, Netapp 2 Nutch, Snap Creator Framework 2021-05-17 6.4 MEDIUM 9.1 CRITICAL
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
CVE-2021-23926 2 Apache, Netapp 4 Xmlbeans, Oncommand Unified Manager Core Package, Snap Creator Framework and 1 more 2021-05-17 6.4 MEDIUM 9.1 CRITICAL
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
CVE-2020-28499 1 Merge Project 1 Merge 2021-05-17 7.5 HIGH 9.8 CRITICAL
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
CVE-2014-9390 6 Apple, Eclipse, Git-scm and 3 more 8 Mac Os X, Xcode, Egit and 5 more 2021-05-17 7.5 HIGH 9.8 CRITICAL
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
CVE-2021-22679 1 Ti 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more 2021-05-17 7.5 HIGH 9.8 CRITICAL
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
CVE-2021-22671 1 Ti 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more 2021-05-17 7.5 HIGH 9.8 CRITICAL
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
CVE-2021-21984 1 Vmware 1 Vrealize Business For Cloud 2021-05-17 7.5 HIGH 9.8 CRITICAL
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
CVE-2021-21505 1 Dell 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware 2021-05-17 10.0 HIGH 9.8 CRITICAL
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.
CVE-2021-31914 2 Jetbrains, Microsoft 2 Teamcity, Windows 2021-05-17 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-31915 1 Jetbrains 1 Teamcity 2021-05-17 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-20232 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Enterprise Linux 2021-05-17 7.5 HIGH 9.8 CRITICAL
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVE-2021-1498 1 Cisco 8 Hyperflex Hx220c Af M5, Hyperflex Hx220c All Nvme M5, Hyperflex Hx220c Edge M5 and 5 more 2021-05-17 7.5 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-31800 1 Secureauth 1 Impacket 2021-05-16 7.5 HIGH 9.8 CRITICAL
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
CVE-2021-2248 1 Oracle 1 Secure Global Desktop 2021-05-15 7.5 HIGH 10.0 CRITICAL
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.
CVE-2021-2221 1 Oracle 1 Secure Global Desktop 2021-05-15 6.8 MEDIUM 9.6 CRITICAL
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.
CVE-2021-2177 1 Oracle 1 Secure Global Desktop 2021-05-15 7.5 HIGH 10.0 CRITICAL
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.
CVE-2021-21226 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 9.6 CRITICAL
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21223 2 Debian, Google 2 Debian Linux, Chrome 2021-05-14 6.8 MEDIUM 9.6 CRITICAL
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.