Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-17 | CVE-2021-30260 | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
| 2021-09-17 | CVE-2021-30261 | Improper Input Validation vulnerability in Qualcomm products Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
| 2021-09-17 | CVE-2021-3803 | nth-check is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
| 2021-09-17 | CVE-2021-3804 | Unspecified vulnerability in Taro taro is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
| 2021-09-17 | CVE-2021-3807 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
| 2021-09-17 | CVE-2021-3810 | Unspecified vulnerability in Coder Code-Server code-server is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
| 2021-09-17 | CVE-2021-3805 | object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 7.5 |
| 2021-09-16 | CVE-2020-21598 | Out-of-bounds Write vulnerability in multiple products libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. | 8.8 |
| 2021-09-16 | CVE-2021-41314 | Injection vulnerability in Netgear products Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). | 8.8 |
| 2021-09-16 | CVE-2021-29825 | Unspecified vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. | 7.5 |