CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2021-34993 Bypass 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706.
1502 CVE-2021-34994 Exec Code Bypass 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755.
1503 CVE-2021-34995 Exec Code Bypass 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756.
1504 CVE-2021-34996 Exec Code Bypass 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Demo_ExecuteProcessOnGroup workflow. By creating a workflow, an attacker can specify an arbitrary command to be executed. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-13889.
1505 CVE-2021-34997 Exec Code Bypass 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.
1506 CVE-2021-34998 Exec Code 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-14208.
1507 CVE-2021-35214 613 2021-10-12 2021-10-18
1.9
None Local Medium Not required None Partial None
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
1508 CVE-2021-35452 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
1509 CVE-2021-35500 2022-01-12 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
1510 CVE-2021-35618 DoS 2021-10-20 2021-11-22
1.4
None Local Network High ??? None None Partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).
1511 CVE-2021-35969 DoS 2022-01-15 2022-01-15
0.0
None ??? ??? ??? ??? ??? ???
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
1512 CVE-2021-36199 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.
1513 CVE-2021-36408 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
1514 CVE-2021-36409 DoS 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
1515 CVE-2021-36410 Overflow 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
1516 CVE-2021-36411 DoS 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
1517 CVE-2021-36412 Overflow 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,
1518 CVE-2021-36414 DoS Exec Code Overflow 2022-01-10 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
1519 CVE-2021-36781 276 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
1520 CVE-2021-36920 XSS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
1521 CVE-2021-37436 +Info 2021-07-24 2021-08-09
1.9
None Local Medium Not required Partial None None
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.
1522 CVE-2021-37529 DoS 2022-01-12 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
1523 CVE-2021-37530 DoS 2022-01-12 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
1524 CVE-2021-37600 190 Overflow 2021-07-30 2021-10-18
1.2
None Local High Not required None None Partial
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
1525 CVE-2021-38126 XSS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
1526 CVE-2021-38127 XSS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
1527 CVE-2021-38677 XSS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
1528 CVE-2021-38678 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
1529 CVE-2021-38682 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later
1530 CVE-2021-38689 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
1531 CVE-2021-38690 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
1532 CVE-2021-38691 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
1533 CVE-2021-38692 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later
1534 CVE-2021-38892 Exec Code 2022-01-12 2022-01-12
0.0
None ??? ??? ??? ??? ??? ???
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511.
1535 CVE-2021-38965 Exec Code 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.
1536 CVE-2021-38991 Exec Code 2022-01-11 2022-01-11
0.0
None ??? ??? ??? ??? ??? ???
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
1537 CVE-2021-39032 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.
1538 CVE-2021-39056 DoS 2022-01-13 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.
1539 CVE-2021-39143 2022-01-04 2022-01-04
0.0
None ??? ??? ??? ??? ??? ???
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.
1540 CVE-2021-39330 XSS 2021-10-14 2021-11-10
0.0
None ??? ??? ??? ??? ??? ???
The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
1541 CVE-2021-39621 Bypass 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319
1542 CVE-2021-39626 Bypass 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497
1543 CVE-2021-39627 Bypass 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549
1544 CVE-2021-39629 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344
1545 CVE-2021-39630 Bypass 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292
1546 CVE-2021-39632 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709
1547 CVE-2021-39633 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel
1548 CVE-2021-39634 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel
1549 CVE-2021-39648 668 2021-12-15 2021-12-20
1.9
None Local Medium Not required Partial None None
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel
1550 CVE-2021-39659 DoS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659
Total number of vulnerabilities : 1589   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.