Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2021-08-10 CVE-2021-21598 Unspecified vulnerability in Dell Wyse Thinos 9.0/9.1
Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability.
low complexity
dell
3.9
2021-08-10 CVE-2020-25082 Information Exposure Through Discrepancy vulnerability in Nuvoton Npct75X Firmware
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
high complexity
nuvoton CWE-203
3.8
2021-08-10 CVE-2021-38372 Command Injection vulnerability in KDE Trojita 0.7
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
network
high complexity
kde CWE-77
3.7
2021-08-10 CVE-2021-38365 Unspecified vulnerability in Tonewinner Winner Desktop Speakers Firmware 20210809
Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.
network
high complexity
tonewinner
3.7
2021-08-10 CVE-2021-33738 Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization
A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2).
local
low complexity
siemens
3.3
2021-08-09 CVE-2021-21740 Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product.
low complexity
zte CWE-59
2.4
2021-08-08 CVE-2021-38205 Access of Uninitialized Pointer vulnerability in multiple products
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
local
low complexity
linux debian CWE-824
3.3
2021-08-08 CVE-2021-38209 Information Exposure Through Discrepancy vulnerability in Linux Kernel
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces.
local
low complexity
linux CWE-203
3.3
2021-08-05 CVE-2021-22924 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
3.7
2021-08-05 CVE-2021-32002 Unspecified vulnerability in Secomea Sitemanager Firmware
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager.
local
low complexity
secomea
3.3