| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27518 | Hig | 0.51 | 7.8 | 0.00 | May 4, 2021 | All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM. | ||
| CVE-2021-29240 | Hig | 0.51 | 7.8 | 0.01 | May 4, 2021 | The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | ||
| CVE-2021-31164 | — | Hig | 0.49 | 7.5 | 0.02 | May 4, 2021 | Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. | |
| CVE-2020-35756 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2021 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when… | ||
| CVE-2020-35755 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2021 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are… | ||
| CVE-2021-29242 | Hig | 0.48 | 7.3 | 0.01 | May 3, 2021 | CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | ||
| CVE-2021-29241 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2021 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | ||
| CVE-2021-29239 | Hig | 0.51 | 7.8 | 0.00 | May 3, 2021 | CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | ||
| CVE-2021-29238 | Hig | 0.57 | 8.8 | 0.01 | May 3, 2021 | CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | ||
| CVE-2021-25631 | Hig | 0.58 | 8.8 | 0.04 | May 3, 2021 | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. | ||
| CVE-2021-31996 | — | Hig | 0.49 | 7.5 | 0.01 | May 3, 2021 | An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge(). | |
| CVE-2020-28944 | Hig | 0.49 | 7.5 | 0.02 | Apr 30, 2021 | OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | ||
| CVE-2021-31933 | Hig | 0.04 | 7.2 | 0.14 | Apr 30, 2021 | A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to… | ||
| CVE-2021-21531 | Hig | 0.53 | 8.1 | 0.01 | Apr 30, 2021 | Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. | ||
| CVE-2021-21530 | Hig | 0.54 | 8.3 | 0.01 | Apr 30, 2021 | Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive… | ||
| CVE-2021-21507 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2021 | Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading… | ||
| CVE-2021-21233 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2021 | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21232 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2021 | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21231 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2021 | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21230 | Hig | 0.57 | 8.8 | 0.02 | Apr 30, 2021 | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21227 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2021 | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-29486 | — | Hig | 0.00 | 7.5 | 0.02 | Apr 30, 2021 | cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case… | |
| CVE-2021-21535 | Hig | 0.48 | 7.4 | 0.00 | Apr 30, 2021 | Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system. | ||
| CVE-2020-7731 | — | Hig | 0.42 | 7.5 | 0.02 | Apr 30, 2021 | This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |
| CVE-2020-4039 | Hig | 0.56 | 8.6 | 0.01 | Apr 30, 2021 | SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files… | ||
| CVE-2020-15153 | Hig | 0.00 | 8.2 | 0.02 | Apr 30, 2021 | Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch. | ||
| CVE-2020-27519 | Hig | 0.00 | 7.8 | 0.00 | Apr 30, 2021 | Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged… | ||
| CVE-2021-26807 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2021 | GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | ||
| CVE-2021-31871 | Hig | 0.00 | 7.5 | 0.02 | Apr 30, 2021 | An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | ||
| CVE-2021-31919 | — | Hig | 0.42 | 7.5 | 0.01 | Apr 30, 2021 | An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct. | |
| CVE-2021-29468 | Hig | 0.57 | 8.8 | 0.01 | Apr 29, 2021 | Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a… | ||
| CVE-2020-15225 | Hig | 0.42 | 7.5 | 0.02 | Apr 29, 2021 | django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input… | ||
| CVE-2021-1086 | Hig | 0.46 | 7.1 | 0.00 | Apr 29, 2021 | NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version… | ||
| CVE-2021-1085 | Hig | 0.47 | 7.3 | 0.00 | Apr 29, 2021 | NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and… | ||
| CVE-2021-1084 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior… | ||
| CVE-2021-1083 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x… | ||
| CVE-2021-1082 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4)… | ||
| CVE-2021-1081 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x… | ||
| CVE-2021-1080 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x… | ||
| CVE-2021-21388 | Hig | 0.51 | 8.9 | 0.02 | Apr 29, 2021 | systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >=… | ||
| CVE-2021-1504 | Hig | 0.56 | 8.6 | 0.02 | Apr 29, 2021 | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of… | ||
| CVE-2021-1501 | Hig | 0.56 | 8.6 | 0.01 | Apr 29, 2021 | A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service… | ||
| CVE-2021-1493 | Hig | 0.55 | 8.5 | 0.01 | Apr 29, 2021 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to… | ||
| CVE-2021-1448 | Hig | 0.51 | 7.8 | 0.00 | Apr 29, 2021 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This… | ||
| CVE-2021-1445 | Hig | 0.56 | 8.6 | 0.02 | Apr 29, 2021 | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of… | ||
| CVE-2021-1402 | Hig | 0.56 | 8.6 | 0.01 | Apr 29, 2021 | A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to… | ||
| CVE-2020-18032 | Hig | 0.51 | 7.8 | 0.03 | Apr 29, 2021 | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | ||
| CVE-2021-31438 | Hig | 0.51 | 7.8 | 0.03 | Apr 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2021-31437 | Hig | 0.51 | 7.8 | 0.03 | Apr 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2021-31436 | Hig | 0.51 | 7.8 | 0.03 | Apr 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… |
- risk 0.51cvss 7.8epss 0.00
All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.
- risk 0.51cvss 7.8epss 0.01
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
- risk 0.49cvss 7.5epss 0.02
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are…
- risk 0.48cvss 7.3epss 0.01
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
- risk 0.49cvss 7.5epss 0.01
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
- risk 0.51cvss 7.8epss 0.00
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
- risk 0.57cvss 8.8epss 0.01
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
- risk 0.58cvss 8.8epss 0.04
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().
- risk 0.49cvss 7.5epss 0.02
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
- risk 0.04cvss 7.2epss 0.14
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to…
- risk 0.53cvss 8.1epss 0.01
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
- risk 0.54cvss 8.3epss 0.01
Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive…
- risk 0.57cvss 8.8epss 0.01
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading…
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.00cvss 7.5epss 0.02
cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case…
- risk 0.48cvss 7.4epss 0.00
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.
- risk 0.42cvss 7.5epss 0.02
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- risk 0.56cvss 8.6epss 0.01
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files…
- risk 0.00cvss 8.2epss 0.02
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
- risk 0.00cvss 7.8epss 0.00
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged…
- risk 0.51cvss 7.8epss 0.00
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.
- risk 0.00cvss 7.5epss 0.02
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
- risk 0.57cvss 8.8epss 0.01
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a…
- risk 0.42cvss 7.5epss 0.02
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input…
- risk 0.46cvss 7.1epss 0.00
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version…
- risk 0.47cvss 7.3epss 0.00
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4)…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x…
- risk 0.51cvss 8.9epss 0.02
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >=…
- risk 0.56cvss 8.6epss 0.02
Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service…
- risk 0.55cvss 8.5epss 0.01
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This…
- risk 0.56cvss 8.6epss 0.02
Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to…
- risk 0.51cvss 7.8epss 0.03
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
- risk 0.51cvss 7.8epss 0.03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…