Total: 258074 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30633 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-37975 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-37976 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2021-36948 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2024-07-26 | 4.6 MEDIUM | 7.8 HIGH |
Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
CVE-2021-36942 | 1 Microsoft | 6 Windows Server 2004, Windows Server 2008, Windows Server 2012 and 3 more | 2024-07-26 | 5.0 MEDIUM | 7.5 HIGH |
Windows LSA Spoofing Vulnerability | |||||
CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2024-07-26 | 6.5 MEDIUM | 8.8 HIGH |
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to log on to the product's management console in order to exploit this vulnerability. | |||||
CVE-2021-34448 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-26 | 9.3 HIGH | 6.8 MEDIUM |
Scripting Engine Memory Corruption Vulnerability | |||||
CVE-2021-34473 | 1 Microsoft | 1 Exchange Server | 2024-07-26 | 10.0 HIGH | 9.1 CRITICAL |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2021-33771 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-07-26 | 7.2 HIGH | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2021-31979 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-07-26 | 7.2 HIGH | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2021-31207 | 1 Microsoft | 1 Exchange Server | 2024-07-26 | 6.5 MEDIUM | 6.6 MEDIUM |
Microsoft Exchange Server Security Feature Bypass Vulnerability | |||||
CVE-2024-42007 | | | 2024-07-26 | N/A | 5.8 MEDIUM |
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. | |||||
CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 6.5 MEDIUM |
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-07-26 | N/A | 9.8 CRITICAL |
Certain functionality in OpenText Vertica Management Console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica's authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x; 11.1.1-24 or lower; 12.0.4-18 or lower. Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25; 12.0.4-19; 23.x; 24.x. | |||||
CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2024-07-26 | N/A | 6.5 MEDIUM |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | |||||
CVE-2024-31844 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 5.3 MEDIUM |
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication. | |||||
CVE-2024-31847 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 6.1 MEDIUM |
An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. | |||||
CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-07-26 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. |