| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24068 | Hig | 0.51 | 7.8 | 0.02 | Feb 25, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-24067 | Hig | 0.51 | 7.8 | 0.02 | Feb 25, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-24066 | Hig | 0.58 | 8.8 | 0.06 | Feb 25, 2021 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2021-1734 | Hig | 0.49 | 7.5 | 0.04 | Feb 25, 2021 | Windows Remote Procedure Call Information Disclosure Vulnerability | ||
| CVE-2021-1733 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Sysinternals PsExec Elevation of Privilege Vulnerability | ||
| CVE-2021-1732 | Hig | 0.78 | 7.8 | 0.78 | KEV | Feb 25, 2021 | Windows Win32k Elevation of Privilege Vulnerability | |
| CVE-2021-1728 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | System Center Operations Manager Elevation of Privilege Vulnerability | ||
| CVE-2021-1727 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2021-1726 | Hig | 0.52 | 8.0 | 0.02 | Feb 25, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-1722 | Hig | 0.53 | 8.1 | 0.02 | Feb 25, 2021 | Windows Fax Service Remote Code Execution Vulnerability | ||
| CVE-2021-1698 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows Win32k Elevation of Privilege Vulnerability | ||
| CVE-2021-1639 | Hig | 0.46 | 7.0 | 0.02 | Feb 25, 2021 | Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2020-17162 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Microsoft Windows Security Feature Bypass Vulnerability | ||
| CVE-2020-27543 | — | Hig | 0.49 | 7.5 | 0.03 | Feb 25, 2021 | The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | |
| CVE-2021-3273 | Hig | 0.47 | 7.2 | 0.06 | Feb 25, 2021 | Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system. | ||
| CVE-2021-21066 | Hig | 0.51 | 7.8 | 0.03 | Feb 25, 2021 | Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2021-21065 | Hig | 0.51 | 7.8 | 0.03 | Feb 25, 2021 | Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2020-36254 | Hig | 0.46 | 8.1 | 0.02 | Feb 25, 2021 | scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | ||
| CVE-2021-1387 | Hig | 0.56 | 8.6 | 0.01 | Feb 24, 2021 | A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain… | ||
| CVE-2021-1368 | Hig | 0.57 | 8.8 | 0.00 | Feb 24, 2021 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an… | ||
| CVE-2021-1230 | Hig | 0.56 | 8.6 | 0.01 | Feb 24, 2021 | A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS)… | ||
| CVE-2021-1228 | Hig | 0.48 | 7.4 | 0.00 | Feb 24, 2021 | A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized… | ||
| CVE-2021-1227 | Hig | 0.53 | 8.1 | 0.01 | Feb 24, 2021 | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected… | ||
| CVE-2020-11988 | — | Hig | 0.47 | 8.2 | 0.07 | Feb 24, 2021 | Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET… | |
| CVE-2020-11987 | — | Hig | 0.47 | 8.2 | 0.14 | Feb 24, 2021 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | |
| CVE-2021-21974 | Hig | 0.61 | 8.8 | 0.45 | Feb 24, 2021 | OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the… | ||
| CVE-2020-7836 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2021 | VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via access to crafted web page. | ||
| CVE-2021-21617 | Hig | 0.50 | 8.8 | 0.01 | Feb 24, 2021 | A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | ||
| CVE-2020-7846 | Hig | 0.52 | 8.0 | 0.01 | Feb 24, 2021 | Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page. | ||
| CVE-2020-28599 | Hig | 0.51 | 7.8 | 0.02 | Feb 24, 2021 | A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||
| CVE-2021-20662 | Hig | 0.49 | 7.5 | 0.02 | Feb 24, 2021 | Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. | ||
| CVE-2021-20661 | Hig | 0.53 | 8.1 | 0.02 | Feb 24, 2021 | Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | ||
| CVE-2021-20659 | Hig | 0.57 | 8.8 | 0.02 | Feb 24, 2021 | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code. | ||
| CVE-2021-3410 | Hig | 0.51 | 7.8 | 0.01 | Feb 23, 2021 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | ||
| CVE-2021-20194 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2021 | There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of… | ||
| CVE-2021-20182 | Hig | 0.50 | 8.8 | 0.01 | Feb 23, 2021 | A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the… | ||
| CVE-2021-26680 | Hig | 0.47 | 7.2 | 0.02 | Feb 23, 2021 | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands… | ||
| CVE-2021-26679 | Hig | 0.47 | 7.2 | 0.02 | Feb 23, 2021 | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands… | ||
| CVE-2021-26677 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2021 | A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their… | ||
| CVE-2021-26594 | Hig | 0.57 | 8.8 | 0.01 | Feb 23, 2021 | In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2021-26593 | Hig | 0.49 | 7.5 | 0.01 | Feb 23, 2021 | In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret… | ||
| CVE-2021-22882 | Hig | 0.49 | 7.5 | 0.01 | Feb 23, 2021 | UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. | ||
| CVE-2021-22112 | Hig | 0.57 | 8.8 | 0.03 | Feb 23, 2021 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be… | ||
| CVE-2021-20247 | Hig | 0.48 | 7.4 | 0.02 | Feb 23, 2021 | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated… | ||
| CVE-2020-28587 | Hig | 0.51 | 7.8 | 0.01 | Feb 23, 2021 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to… | ||
| CVE-2020-27782 | — | Hig | 0.00 | 7.5 | 0.01 | Feb 23, 2021 | A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system… | |
| CVE-2021-27579 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2021 | Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. | ||
| CVE-2021-26926 | Hig | 0.00 | 7.1 | 0.01 | Feb 23, 2021 | A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | ||
| CVE-2021-26684 | Hig | 0.47 | 7.2 | 0.02 | Feb 23, 2021 | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands… | ||
| CVE-2021-26683 | Hig | 0.47 | 7.2 | 0.02 | Feb 23, 2021 | A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands… |
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.58cvss 8.8epss 0.06
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.04
Windows Remote Procedure Call Information Disclosure Vulnerability
- risk 0.51cvss 7.8epss 0.01
Sysinternals PsExec Elevation of Privilege Vulnerability
- risk 0.78cvss 7.8epss 0.78
Windows Win32k Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.02
System Center Operations Manager Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows Fax Service Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Win32k Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.02
Visual Studio Code Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft Windows Security Feature Bypass Vulnerability
- risk 0.49cvss 7.5epss 0.03
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
- risk 0.47cvss 7.2epss 0.06
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.46cvss 8.1epss 0.02
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain…
- risk 0.57cvss 8.8epss 0.00
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an…
- risk 0.56cvss 8.6epss 0.01
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized…
- risk 0.53cvss 8.1epss 0.01
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected…
- risk 0.47cvss 8.2epss 0.07
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET…
- risk 0.47cvss 8.2epss 0.14
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
- risk 0.61cvss 8.8epss 0.45
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the…
- risk 0.51cvss 7.8epss 0.01
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via access to crafted web page.
- risk 0.50cvss 8.8epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.
- risk 0.52cvss 8.0epss 0.01
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.
- risk 0.51cvss 7.8epss 0.02
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
- risk 0.49cvss 7.5epss 0.02
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
- risk 0.53cvss 8.1epss 0.02
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
- risk 0.51cvss 7.8epss 0.00
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of…
- risk 0.50cvss 8.8epss 0.01
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the…
- risk 0.47cvss 7.2epss 0.02
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…
- risk 0.47cvss 7.2epss 0.02
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…
- risk 0.51cvss 7.8epss 0.00
A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their…
- risk 0.57cvss 8.8epss 0.01
In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.49cvss 7.5epss 0.01
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret…
- risk 0.49cvss 7.5epss 0.01
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
- risk 0.57cvss 8.8epss 0.03
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be…
- risk 0.48cvss 7.4epss 0.02
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated…
- risk 0.51cvss 7.8epss 0.01
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to…
- risk 0.00cvss 7.5epss 0.01
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system…
- risk 0.51cvss 7.8epss 0.00
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.
- risk 0.00cvss 7.1epss 0.01
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
- risk 0.47cvss 7.2epss 0.02
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…
- risk 0.47cvss 7.2epss 0.02
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…