Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-21 CVE-2020-27212 Injection vulnerability in ST Stm32Cubel4 Firmware
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control.
local
high complexity
st CWE-74
7.0
2021-05-21 CVE-2021-32032 Memory Leak vulnerability in Linaro Trusted Firmware-M
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
network
low complexity
linaro CWE-401
7.5
2021-05-21 CVE-2021-28798 Path Traversal vulnerability in Qnap QTS and Quts Hero
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
low complexity
qnap CWE-22
7.5
2021-05-20 CVE-2020-27209 Unspecified vulnerability in Micro-Ecc Project Micro-Ecc 1.0
The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key.
network
low complexity
micro-ecc-project
7.5
2021-05-20 CVE-2020-18220 Inadequate Encryption Strength vulnerability in Html-Js Doracms
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.
network
low complexity
html-js CWE-326
7.5
2021-05-20 CVE-2021-33477 Improper Handling of Exceptional Conditions vulnerability in multiple products
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q).
8.8
2021-05-20 CVE-2021-28902 Unchecked Return Value vulnerability in Cesnet Libyang
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL.
network
low complexity
cesnet CWE-252
7.5
2021-05-20 CVE-2021-28903 Uncontrolled Recursion vulnerability in Cesnet Libyang
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem().
network
low complexity
cesnet CWE-674
7.5
2021-05-20 CVE-2021-28904 Unchecked Return Value vulnerability in Cesnet Libyang
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL.
network
low complexity
cesnet CWE-252
7.5
2021-05-20 CVE-2021-28905 Reachable Assertion vulnerability in Cesnet Libyang
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL.
network
low complexity
cesnet CWE-617
7.5