Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27245 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. | |||||
| CVE-2021-1517 | 1 Cisco | 2 Webex Meetings Online, Webex Meetings Server | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users. | |||||
| CVE-2020-15215 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. | |||||
| CVE-2019-3741 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2019-1669 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software. | |||||
| CVE-2019-13924 | 1 Siemens | 16 Scalance X-200irt, Scalance X-200irt Firmware, Scalance X-300 and 13 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. | |||||
| CVE-2019-12938 | 1 Analogic | 1 Poste.io | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI. | |||||
| CVE-2019-10328 | 1 Jenkins | 1 Pipeline Remote Loader | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2018-9322 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. | |||||
| CVE-2018-9320 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | |||||
| CVE-2018-9318 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | |||||
| CVE-2018-9314 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. | |||||
| CVE-2018-9313 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | 5.7 MEDIUM | 5.3 MEDIUM |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. | |||||
| CVE-2018-9312 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | |||||
| CVE-2018-9311 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | |||||
| CVE-2018-6794 | 2 Debian, Suricata-ids | 2 Debian Linux, Suricata | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. | |||||
| CVE-2018-0326 | 1 Cisco | 2 Telepresence Tx9000, Telepresence Tx9000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565. | |||||
| CVE-2018-0297 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured SSL AC policy to block SSL traffic. Cisco Bug IDs: CSCvg09316. | |||||
| CVE-2018-0254 | 1 Cisco | 31 Amp 7150, Amp 8150, Firepower Appliance 7010 and 28 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect counting of the percentage of dropped traffic. An attacker could exploit this vulnerability by sending network traffic to a targeted device. An exploit could allow the attacker to bypass configured file action policies, and traffic that should be dropped could be allowed into the network. Cisco Bug IDs: CSCvf86435. | |||||
| CVE-2018-0250 | 1 Cisco | 1 Aironet Access Point Software | 2024-11-21 | 2.7 LOW | 4.1 MEDIUM |
| A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756. | |||||