CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2021-36368
Low

W OpenSSH przed wersją 8.9 odkryto problem związany z uwierzytelnianiem kluczem publicznym przy użyciu przekazywania agenta. Jeśli atakujący zmodyfikował serwer, aby wspierał opcję uwierzytelniania None, użytkownik nie może określić, czy uwierzytelnienie FIDO potwierdza chęć połączenia z serwerem, czy też pozwala temu serwerowi na połączenie z innym serwerem w imieniu użytkownika.

CVE-2020-8562
Low

Podatność CVE-2020-8562 dotyczy mechanizmu w Kubernetes, który ma na celu zapobieganie dostępowi do sieci lokalnych i localhost przez połączenia proxy. W wyniku błędu w walidacji odpowiedzi DNS, użytkownik może ominąć te ograniczenia i uzyskać dostęp do prywatnych sieci w kontrolerze.

CVE-2021-39911
Low

All versions of GitLab CE/EE from 13.9 before 14.2.6, from 14.3 before 14.3.4, and from 14.4 before 14.4.1 have an improper access control flaw that exposes private email addresses of Issue and Merge Requests assignees to Webhook data consumers.

CVE-2021-25740
Low

W Kubernetes odkryto problem bezpieczeństwa, który może umożliwić użytkownikom wysyłanie ruchu sieciowego do lokalizacji, do których normalnie nie mieliby dostępu, poprzez atak 'confused deputy'.

CVE-2021-38365
LowEPSS 63%

A vulnerability in Winner (ToneWinner) desktop speakers up to August 9, 2021 allows remote attackers to recover speech signals from the power-indicator LED using a telescope and an electro-optical sensor, known as a 'Glowworm' attack.

CVE-2020-9488
Low

W Apache Log4j SMTP appender występuje niewłaściwa walidacja certyfikatu w przypadku niezgodności hosta. Może to umożliwić przechwycenie połączenia SMTPS przez atak typu man-in-the-middle, co może prowadzić do ujawnienia wszelkich wiadomości logów przesyłanych przez ten appender.

CVE-2000-0503
LowEPSS 95%

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.

CVE-2000-0518
LowEPSS 91%

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame. This is one of two different 'SSL Certificate Validation' vulnerabilities.

CVE-2000-0519
LowEPSS 91%

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session.

CVE-2000-0487
LowEPSS 82%

The Protected Store in Windows 2000 does not properly select the strongest encryption, resulting in the use of a default 40-bit encryption instead of 56-bit DES.

CVE-2000-0402
LowEPSS 100%

The vulnerability in Microsoft SQL Server 7.0 allows the Mixed Mode authentication mechanism to store the System Administrator (sa) account password in plaintext in a log file, which is accessible to any user.

CVE-2000-0485
LowEPSS 82%

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, known as the 'DTS Password' vulnerability.

CVE-2000-0455
Low

Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.

CVE-2000-0461
Low

The undocumented semconfig system call in BSD freezes the state of semaphores, allowing local users to cause a denial of service of the semaphore system.

CVE-2000-0456
Low

NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU.

CVE-2000-0462
Low

The ftpd function in NetBSD 1.4.2 improperly parses entries in /etc/ftpchroot, preventing chroot from being applied to specified users. As a result, users can access files outside of their home directory.

CVE-2000-0553
LowEPSS 69%

A race condition in IPFilter firewall 3.4.3 and earlier allows remote attackers to bypass access restrictions when configured with overlapping 'return-rst' and 'keep state' rules.

CVE-2000-0445
Low

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

CVE-2000-0379
LowEPSS 76%

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

CVE-2000-0439
LowEPSS 93%

Internet Explorer 4.0 and 5.0 allow a malicious website to obtain client cookies from another domain by including that domain name and escaped characters in a URL, known as the 'Unauthorized Cookie Access' vulnerability.

PreviousPage 35 of 61Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS