Weekly Vulnerabilities Reports > August 9 to 15, 2021

Overview

470 new vulnerabilities reported during this period, including 73 critical vulnerabilities and 174 high severity vulnerabilities. This weekly summary report vulnerabilities in 448 products from 170 vendors including Google, Netgear, Fedoraproject, Intel, and Foxitsoftware. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "NULL Pointer Dereference", "Cross-Site Request Forgery (CSRF)", and "SQL Injection".

  • 311 reported vulnerabilities are remotely exploitables.
  • 122 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 253 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 59 reported vulnerabilities.
  • Foxitsoftware has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

73 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-13 CVE-2021-37705 Microsoft Incorrect Authorization vulnerability in Microsoft Onefuzz

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform.

10.0
2021-08-13 CVE-2021-21829 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7.

9.8
2021-08-13 CVE-2021-21830 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7.

9.8
2021-08-13 CVE-2020-18753 Dcce Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.

9.8
2021-08-13 CVE-2020-18758 Dcce Command Injection vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.

9.8
2021-08-13 CVE-2021-36789 Dated News Project SQL Injection vulnerability in Dated News Project Dated News

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.

9.8
2021-08-13 CVE-2021-38302 Newsletter Project SQL Injection vulnerability in Newsletter Project Newsletter

The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.

9.8
2021-08-13 CVE-2021-1104 Risc V Use of Uninitialized Resource vulnerability in Risc-V Instruction SET Manual

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

9.8
2021-08-13 CVE-2021-32071 Mitel Unspecified vulnerability in Mitel Micollab

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control.

9.8
2021-08-13 CVE-2021-36380 Sunhillo OS Command Injection vulnerability in Sunhillo Sureline

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

9.8
2021-08-13 CVE-2021-37344 Nagios OS Command Injection vulnerability in Nagios XI Switch Wizard

Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

9.8
2021-08-13 CVE-2021-37346 Nagios OS Command Injection vulnerability in Nagios XI Watchguard Wizard

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).

9.8
2021-08-13 CVE-2021-37350 Nagios SQL Injection vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.

9.8
2021-08-13 CVE-2021-37353 Nagios Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.

9.8
2021-08-12 CVE-2020-36363 Amazon Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019

Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.

9.8
2021-08-12 CVE-2021-28121 Virtual Robots TXT Project Unspecified vulnerability in Virtual Robots.Txt Project Virtual Robots.Txt

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.

9.8
2021-08-12 CVE-2021-28890 J2Eefast SQL Injection vulnerability in J2Eefast 2.2.1

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.

9.8
2021-08-12 CVE-2021-29377 Pearadmin Unrestricted Upload of File with Dangerous Type vulnerability in Pearadmin Think 2.0.0/2.1.0/2.1.2

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely.

9.8
2021-08-12 CVE-2021-31556 Mediawiki
Fedoraproject
Improper Validation of Specified Quantity in Input vulnerability in multiple products

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.

9.8
2021-08-12 CVE-2021-31698 Quectel OS Command Injection vulnerability in Quectel Eg25-G Firmware

Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.

9.8
2021-08-12 CVE-2021-33199 Expressionengine Improper Input Validation vulnerability in Expressionengine

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.

9.8
2021-08-12 CVE-2021-37599 Nuance SQL Injection vulnerability in Nuance Winscribe Dictation 4.1.0.99

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

9.8
2021-08-12 CVE-2021-20509 IBM Injection vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection.

9.8
2021-08-12 CVE-2021-38606 Yogeshojha Use of Insufficiently Random Values vulnerability in Yogeshojha Rengine

reNgine through 0.5 relies on a predictable directory name.

9.8
2021-08-12 CVE-2020-20975 Gxlcms SQL Injection vulnerability in Gxlcms 1.1

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.

9.8
2021-08-12 CVE-2020-20979 8Cms Unrestricted Upload of File with Dangerous Type vulnerability in 8Cms Ljcms 4.3.

An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.

9.8
2021-08-12 CVE-2021-20314 Libspf2
Redhat
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

9.8
2021-08-12 CVE-2020-28165 Easycorp Unrestricted Upload of File with Dangerous Type vulnerability in Easycorp Zentao

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability.

9.8
2021-08-12 CVE-2021-37222 Rcdcap Project Unspecified vulnerability in Rcdcap Project Rcdcap

Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.

9.8
2021-08-11 CVE-2021-38563 Foxitsoftware
Foxit
Improper Validation of Array Index vulnerability in multiple products

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

9.8
2021-08-11 CVE-2021-38568 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

9.8
2021-08-11 CVE-2021-38572 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

9.8
2021-08-11 CVE-2021-38573 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

9.8
2021-08-11 CVE-2021-38574 Foxitsoftware SQL Injection vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

9.8
2021-08-11 CVE-2020-21359 Maccms Unrestricted Upload of File with Dangerous Type vulnerability in Maccms 10.0

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.

9.8
2021-08-11 CVE-2020-25560 Sapphireims Use of Hard-coded Credentials vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal.

9.8
2021-08-11 CVE-2020-25563 Sapphireims Missing Authentication for Critical Function vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.

9.8
2021-08-11 CVE-2020-25565 Sapphireims Use of Hard-coded Credentials vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal.

9.8
2021-08-11 CVE-2020-25566 Sapphireims Missing Authentication for Critical Function vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC.

9.8
2021-08-11 CVE-2021-33793 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8
2021-08-11 CVE-2021-23421 Merge Change Project Unspecified vulnerability in Merge-Change Project Merge-Change

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

9.8
2021-08-11 CVE-2021-20418 IBM Weak Password Requirements vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

9.8
2021-08-11 CVE-2021-23420 Codeception Deserialization of Untrusted Data vulnerability in Codeception

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3.

9.8
2021-08-11 CVE-2021-38530 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

9.8
2021-08-11 CVE-2021-38527 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

9.8
2021-08-11 CVE-2021-38528 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

9.8
2021-08-11 CVE-2021-38529 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

9.8
2021-08-11 CVE-2021-38513 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

9.8
2021-08-11 CVE-2021-38516 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by lack of access control at the function level.

9.8
2021-08-10 CVE-2021-20032 Sonicwall Unspecified vulnerability in Sonicwall Analytics 2.5.0.3/2.5.2518

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution.

9.8
2021-08-10 CVE-2021-38140 SET User Project Improper Privilege Management vulnerability in SET User Project SET User

The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().

9.8
2021-08-10 CVE-2021-38383 Owntone Project Use After Free vulnerability in Owntone Project Owntone

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.

9.8
2021-08-10 CVE-2021-38384 Serverless Offline Project Improper Handling of Exceptional Conditions vulnerability in Serverless Offline Project Serverless Offline 8.0.0

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

9.8
2021-08-10 CVE-2021-32943 Advantech Out-of-bounds Write vulnerability in Advantech Webaccess/Scada

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

9.8
2021-08-09 CVE-2020-23151 Rconfig OS Command Injection vulnerability in Rconfig 3.9.5

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.

9.8
2021-08-09 CVE-2021-21564 Dell Improper Authentication vulnerability in Dell Openmanage Enterprise 3.5

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability.

9.8
2021-08-09 CVE-2014-9320 SAP Improper Authentication vulnerability in SAP Businessobjects Edge 4.1

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.

9.8
2021-08-09 CVE-2013-6276 Qnap Use of Hard-coded Credentials vulnerability in Qnap products

QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files.

9.8
2021-08-09 CVE-2021-22910 Rocket Chat Unspecified vulnerability in Rocket.Chat

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

9.8
2021-08-09 CVE-2021-24499 Amentotech Unspecified vulnerability in Amentotech Workreap

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way.

9.8
2021-08-09 CVE-2021-24507 Brainstormforce Unspecified vulnerability in Brainstormforce Astra

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

9.8
2021-08-09 CVE-2021-32797 Jupyter Cross-site Scripting vulnerability in Jupyter Jupyterlab

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook.

9.6
2021-08-09 CVE-2021-32798 Jupyter Cross-site Scripting vulnerability in Jupyter Notebook

The Jupyter notebook is a web-based notebook environment for interactive computing.

9.6
2021-08-13 CVE-2021-34823 On24 XXE vulnerability in On24 Screenshare

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server.

9.1
2021-08-13 CVE-2021-3352 Mitel Unspecified vulnerability in Mitel Micontact Center Business

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.

9.1
2021-08-13 CVE-2021-38621 Netless Unspecified vulnerability in Netless Flat Server

The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.

9.1
2021-08-13 CVE-2021-27741 Hcltechsw XXE vulnerability in Hcltechsw HCL Commerce

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"

9.1
2021-08-11 CVE-2021-38564 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

9.1
2021-08-11 CVE-2021-38570 Foxitsoftware Link Following vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

9.1
2021-08-11 CVE-2021-33794 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

9.1
2021-08-11 CVE-2019-25052 Linaro Use of a Broken or Risky Cryptographic Algorithm vulnerability in Linaro Op-Tee

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

9.1
2021-08-10 CVE-2021-37425 Altova XXE vulnerability in Altova Mobiletogether Server 7.0/7.3

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.

9.1
2021-08-15 CVE-2021-25955 Dolibarr Cross-site Scripting vulnerability in Dolibarr

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.

9.0

174 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-13 CVE-2021-37343 Nagios Path Traversal vulnerability in Nagios XI

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

8.8
2021-08-12 CVE-2021-37678 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

8.8
2021-08-12 CVE-2020-22403 Express Cart Project Cross-Site Request Forgery (CSRF) vulnerability in Express-Cart Project Express-Cart

Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.

8.8
2021-08-12 CVE-2021-38366 Sitecore Unrestricted Upload of File with Dangerous Type vulnerability in Sitecore

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.

8.8
2021-08-12 CVE-2020-18460 711Cms Cross-Site Request Forgery (CSRF) vulnerability in 711Cms 1.0.7

Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.

8.8
2021-08-12 CVE-2021-36921 Monitorapp Improper Authentication vulnerability in Monitorapp Application Insight Manager B107

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication.

8.8
2021-08-12 CVE-2020-24576 Netskope Improper Privilege Management vulnerability in Netskope

Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.

8.8
2021-08-11 CVE-2017-16630 Sapphireims Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

8.8
2021-08-11 CVE-2020-25564 Sapphireims Incorrect Authorization vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.

8.8
2021-08-11 CVE-2020-21976 Newsone CMS Project Unrestricted Upload of File with Dangerous Type vulnerability in Newsone CMS Project Newsone CMS 1.1.0

An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.

8.8
2021-08-11 CVE-2021-3050 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges.

8.8
2021-08-11 CVE-2020-28589 Tinyobjloader Project Improper Validation of Array Index vulnerability in Tinyobjloader Project Tinyobjloader 2.0

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421.

8.8
2021-08-11 CVE-2021-38539 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by privilege escalation.

8.8
2021-08-10 CVE-2020-21688 Ffmpeg
Debian
Use After Free vulnerability in multiple products

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

8.8
2021-08-10 CVE-2021-33708 Kyma Project Improper Input Validation vulnerability in Kyma-Project Kyma

Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.

8.8
2021-08-10 CVE-2021-37366 Ctparental Project Cross-Site Request Forgery (CSRF) vulnerability in Ctparental Project Ctparental

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel.

8.8
2021-08-09 CVE-2021-21596 Dell Unspecified vulnerability in Dell products

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability.

8.8
2021-08-09 CVE-2013-4717 Otrs SQL Injection vulnerability in Otrs and Otrs Itsm

Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.

8.8
2021-08-09 CVE-2021-33256 Zohocorp Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user.

8.8
2021-08-09 CVE-2021-24520 Coderstimes Unspecified vulnerability in Coderstimes OUT of Stock Message for Woocommerce

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks.

8.8
2021-08-09 CVE-2021-37214 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

8.8
2021-08-12 CVE-2021-36982 Monitorapp Improper Input Validation vulnerability in Monitorapp Application Insight Manager B107

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.

8.1
2021-08-11 CVE-2021-38588 Cpanel Download of Code Without Integrity Check vulnerability in Cpanel

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).

8.1
2021-08-11 CVE-2021-38589 Cpanel Unspecified vulnerability in Cpanel

In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).

8.1
2021-08-09 CVE-2021-38290 Thedaylightstudio Injection vulnerability in Thedaylightstudio Fuel CMS

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.

8.1
2021-08-09 CVE-2021-24500 Amentotech Cross-Site Request Forgery (CSRF) vulnerability in Amentotech Workreap

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated.

8.1
2021-08-09 CVE-2021-24501 Amentotech Unspecified vulnerability in Amentotech Workreap

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects.

8.1
2021-08-12 CVE-2020-18458 Damicms Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.6

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.

8.0
2021-08-11 CVE-2021-32122 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

8.0
2021-08-13 CVE-2021-21812 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7.

7.8
2021-08-13 CVE-2021-21813 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line.

7.8
2021-08-13 CVE-2021-21814 ATT Argument Injection or Modification vulnerability in ATT Xmill 0.7

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line.

7.8
2021-08-13 CVE-2021-21815 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7.

7.8
2021-08-13 CVE-2021-34398 Nvidia Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

7.8
2021-08-13 CVE-2021-37345 Nagios Improper Privilege Management vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

7.8
2021-08-13 CVE-2021-37347 Nagios Path Traversal vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

7.8
2021-08-13 CVE-2021-37349 Nagios Unspecified vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

7.8
2021-08-12 CVE-2021-37663 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37665 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37679 Google Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37648 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37652 Google Double Free vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37666 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37667 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37671 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37676 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37681 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37650 Google Out-of-bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37651 Google Out-of-bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37656 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37657 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37658 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37659 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37662 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37638 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-37639 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.8
2021-08-12 CVE-2021-27790 Broadcom Out-of-bounds Write vulnerability in Broadcom Fabric Operating System

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input.

7.8
2021-08-12 CVE-2021-27792 Broadcom Unspecified vulnerability in Broadcom Fabric Operating System

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.

7.8
2021-08-12 CVE-2021-27794 Broadcom Improper Authentication vulnerability in Broadcom Fabric Operating System

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

7.8
2021-08-12 CVE-2021-37841 Docker Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop

Docker Desktop before 3.6.0 suffers from incorrect access control.

7.8
2021-08-12 CVE-2021-38086 Acronis Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

7.8
2021-08-12 CVE-2021-38088 Acronis Unspecified vulnerability in Acronis Cyber Protect 15

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

7.8
2021-08-11 CVE-2021-36770 P5 Encode Project
Fedoraproject
Uncontrolled Search Path Element vulnerability in multiple products

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading.

7.8
2021-08-11 CVE-2021-1106 Nvidia Out-of-bounds Write vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

7.8
2021-08-11 CVE-2021-1107 Nvidia Unspecified vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

7.8
2021-08-11 CVE-2021-38571 Foxitsoftware Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.8
2021-08-11 CVE-2020-25561 Sapphireims Use of Hard-coded Credentials vulnerability in Sapphireims 5.0

SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server.

7.8
2021-08-11 CVE-2021-32439 Gpac Classic Buffer Overflow vulnerability in Gpac 1.0.1

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

7.8
2021-08-11 CVE-2021-37694 Asyncapi Code Injection vulnerability in Asyncapi Java-Spring-Cloud-Stream-Template

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice.

7.8
2021-08-11 CVE-2021-38085 Canon Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue.

7.8
2021-08-11 CVE-2021-0061 Intel Improper Initialization vulnerability in Intel Graphics Drivers

Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2021-08-11 CVE-2021-0062 Intel Improper Input Validation vulnerability in Intel Graphics Drivers

Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2021-08-11 CVE-2021-0084 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2021-08-11 CVE-2021-0160 Intel Uncontrolled Search Path Element vulnerability in Intel Avermedia Capture Card

Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2021-08-11 CVE-2021-0196 Intel Unspecified vulnerability in Intel products

Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2021-08-11 CVE-2021-32931 Fatek Unspecified vulnerability in Fatek Fvdesigner

An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

7.8
2021-08-11 CVE-2021-32939 Fatek Out-of-bounds Write vulnerability in Fatek Fvdesigner

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.

7.8
2021-08-11 CVE-2021-32947 Fatek Unspecified vulnerability in Fatek Fvdesigner

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

7.8
2021-08-10 CVE-2021-21567 Dell Improper Privilege Management vulnerability in Dell Powerscale Onefs 9.0.0.0/9.1.0.0

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability.

7.8
2021-08-10 CVE-2021-21601 Dell Unspecified vulnerability in Dell products

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS.

7.8
2021-08-10 CVE-2021-37367 Ctparental Project Path Traversal vulnerability in Ctparental Project Ctparental

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel.

7.8
2021-08-10 CVE-2021-22385 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Magic UI

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability.

7.8
2021-08-10 CVE-2021-37179 Siemens Unspecified vulnerability in Siemens Solid Edge Se2021 Firmware

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7).

7.8
2021-08-10 CVE-2021-37180 Siemens Unspecified vulnerability in Siemens Solid Edge Se2021 Firmware

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7).

7.8
2021-08-09 CVE-2020-24742 QT Unspecified vulnerability in QT

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

7.8
2021-08-09 CVE-2021-36276 Dell Unspecified vulnerability in Dell Dbutildrv2.Sys Firmware 2.5/2.6

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure.

7.8
2021-08-09 CVE-2021-36277 Dell Improper Verification of Cryptographic Signature vulnerability in Dell products

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability.

7.8
2021-08-09 CVE-2021-38305 23Andme Unrestricted Upload of File with Dangerous Type vulnerability in 23Andme Yamale

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file.

7.8
2021-08-13 CVE-2020-18754 Dcce Exposure of Resource to Wrong Sphere vulnerability in Dcce Mac1100 PLC Firmware

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

7.5
2021-08-13 CVE-2020-18756 Dcce Out-of-bounds Read vulnerability in Dcce Mac1100 PLC Firmware

An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.

7.5
2021-08-13 CVE-2020-18757 Dcce Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.

7.5
2021-08-13 CVE-2020-18759 Dcce Cleartext Storage of Sensitive Information vulnerability in Dcce Mac1100 PLC Firmware

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.

7.5
2021-08-13 CVE-2021-36786 Miniorange Insecure Storage of Sensitive Information vulnerability in Miniorange Saml

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.

7.5
2021-08-13 CVE-2021-36793 Routes Project Information Exposure vulnerability in Routes Project Routes

The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.

7.5
2021-08-13 CVE-2021-38623 Deferred Image Processing Project Improper Resource Shutdown or Release vulnerability in Deferred Image Processing Project Deferred Image Processing

The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.

7.5
2021-08-13 CVE-2021-37693 Discourse Unspecified vulnerability in Discourse

Discourse is an open-source platform for community discussion.

7.5
2021-08-13 CVE-2021-37348 Nagios Files or Directories Accessible to External Parties vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

7.5
2021-08-12 CVE-2021-38614 Polipo Project Out-of-bounds Write vulnerability in Polipo Project Polipo

Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header.

7.5
2021-08-12 CVE-2021-33056 Linphone HTTP Request Smuggling vulnerability in Linphone Belle-Sip

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.

7.5
2021-08-12 CVE-2021-38291 Ffmpeg
Debian
Reachable Assertion vulnerability in multiple products

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

7.5
2021-08-12 CVE-2021-38599 WAL G Project Improper Check for Unusual or Exceptional Conditions vulnerability in Wal-G Project Wal-G

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups.

7.5
2021-08-12 CVE-2021-38604 GNU
Fedoraproject
Oracle
NULL Pointer Dereference vulnerability in multiple products

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference.

7.5
2021-08-12 CVE-2020-20981 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.

7.5
2021-08-12 CVE-2021-38592 Wasm3 Project Out-of-bounds Write vulnerability in Wasm3 Project Wasm3 0.5.0

Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).

7.5
2021-08-12 CVE-2021-38593 QT
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

7.5
2021-08-11 CVE-2021-38587 Cpanel Race Condition vulnerability in Cpanel

In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).

7.5
2021-08-11 CVE-2021-38565 Foxitsoftware Unspecified vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

7.5
2021-08-11 CVE-2021-38566 Foxitsoftware Uncontrolled Recursion vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

7.5
2021-08-11 CVE-2021-38567 Foxitsoftware
Foxit
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS.

7.5
2021-08-11 CVE-2021-38569 Foxitsoftware Uncontrolled Recursion vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.5
2021-08-11 CVE-2017-16629 Sapphireims Information Exposure Through an Error Message vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form.

7.5
2021-08-11 CVE-2017-16632 Sapphireims Inadequate Encryption Strength vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

7.5
2021-08-11 CVE-2021-20427 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

7.5
2021-08-11 CVE-2021-38526 Netgear Classic Buffer Overflow vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

7.5
2021-08-11 CVE-2021-38515 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

7.5
2021-08-10 CVE-2021-38511 TAR Project Link Following vulnerability in TAR Project TAR

An issue was discovered in the tar crate before 0.4.36 for Rust.

7.5
2021-08-10 CVE-2021-38512 Actix
Fedoraproject
HTTP Request Smuggling vulnerability in multiple products

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust.

7.5
2021-08-10 CVE-2021-38490 Altova XML Entity Expansion vulnerability in Altova Mobiletogether Server 7.0/7.3

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.

7.5
2021-08-10 CVE-2021-28845 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.

7.5
2021-08-10 CVE-2021-29294 Dlink NULL Pointer Dereference vulnerability in Dlink Dsl-2740R Firmware Uk1.01

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function.

7.5
2021-08-10 CVE-2021-29295 Dlink NULL Pointer Dereference vulnerability in Dlink Dsp-W215 Firmware 1.10

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd.

7.5
2021-08-10 CVE-2021-29296 Dlink NULL Pointer Dereference vulnerability in Dlink Dir-825 Firmware 2.10B02

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service.

7.5
2021-08-10 CVE-2021-28841 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key.

7.5
2021-08-10 CVE-2021-28842 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key.

7.5
2021-08-10 CVE-2021-28843 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.

7.5
2021-08-10 CVE-2021-28844 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.

7.5
2021-08-10 CVE-2021-38386 Contiki OS Classic Buffer Overflow vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

7.5
2021-08-10 CVE-2021-38387 Contiki OS Infinite Loop vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

7.5
2021-08-10 CVE-2021-28838 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary.

7.5
2021-08-10 CVE-2021-28839 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary.

7.5
2021-08-10 CVE-2021-28840 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary.

7.5
2021-08-10 CVE-2021-38380 Live555 Out-of-bounds Read vulnerability in Live555

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read.

7.5
2021-08-10 CVE-2021-38371 Exim Injection vulnerability in Exim

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

7.5
2021-08-10 CVE-2021-25659 Siemens Resource Exhaustion vulnerability in Siemens Automation License Manager

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2).

7.5
2021-08-10 CVE-2021-37172 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl.

7.5
2021-08-10 CVE-2021-3689 Yiiframework Use of Insufficiently Random Values vulnerability in Yiiframework YII

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

7.5
2021-08-10 CVE-2021-21501 Apache Path Traversal vulnerability in Apache Servicecomb

Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.

7.5
2021-08-09 CVE-2020-23148 Rconfig Injection vulnerability in Rconfig 3.9.5

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.

7.5
2021-08-09 CVE-2020-23149 Rconfig SQL Injection vulnerability in Rconfig 3.9.5

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.

7.5
2021-08-09 CVE-2020-23150 Rconfig SQL Injection vulnerability in Rconfig 3.9.5

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.

7.5
2021-08-09 CVE-2021-38311 Contiki OS Infinite Loop vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service.

7.5
2021-08-09 CVE-2015-2073 SAP Path Traversal vulnerability in SAP Businessobjects Edge 4.0

The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.

7.5
2021-08-09 CVE-2015-2074 SAP Path Traversal vulnerability in SAP Businessobjects Edge 4.0

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

7.5
2021-08-09 CVE-2021-36798 Helpsystems Allocation of Resources Without Limits or Throttling vulnerability in Helpsystems Cobalt Strike 4.2/4.3

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3.

7.5
2021-08-12 CVE-2021-37655 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.3
2021-08-11 CVE-2021-1108 Nvidia Integer Underflow (Wrap or Wraparound) vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

7.3
2021-08-13 CVE-2021-36792 Dated News Project Unspecified vulnerability in Dated News Project Dated News

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.

7.2
2021-08-12 CVE-2020-18462 Aikcms Unrestricted Upload of File with Dangerous Type vulnerability in Aikcms 2.0

File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.

7.2
2021-08-11 CVE-2021-37626 Contao Code Injection vulnerability in Contao

Contao is an open source CMS that allows you to create websites and scalable web applications.

7.2
2021-08-11 CVE-2021-37627 Contao Improper Privilege Management vulnerability in Contao

Contao is an open source CMS that allows creation of websites and scalable web applications.

7.2
2021-08-11 CVE-2021-38584 Cpanel XXE vulnerability in Cpanel

The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).

7.2
2021-08-11 CVE-2021-38585 Cpanel Deserialization of Untrusted Data vulnerability in Cpanel

The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).

7.2
2021-08-11 CVE-2021-38531 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

7.2
2021-08-11 CVE-2021-38532 Netgear Unspecified vulnerability in Netgear Wac104 Firmware 1.0.4.13

NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.

7.2
2021-08-11 CVE-2021-38525 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2021-08-11 CVE-2021-38517 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by out-of-bounds reads and writes.

7.2
2021-08-11 CVE-2021-38518 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

7.2
2021-08-11 CVE-2021-38519 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

7.2
2021-08-11 CVE-2021-38520 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

7.2
2021-08-11 CVE-2021-38521 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

7.2
2021-08-11 CVE-2021-38522 Netgear Out-of-bounds Write vulnerability in Netgear R6400 Firmware

NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user.

7.2
2021-08-11 CVE-2021-38523 Netgear Out-of-bounds Write vulnerability in Netgear R6400 Firmware

NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user.

7.2
2021-08-10 CVE-2021-33721 Siemens OS Command Injection vulnerability in Siemens Sinec Network Management System 1.0

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2).

7.2
2021-08-09 CVE-2021-21585 Dell OS Command Injection vulnerability in Dell Openmanage Enterprise 3.5

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools.

7.2
2021-08-09 CVE-2021-24521 WOW Estore Unspecified vulnerability in Wow-Estore Side Menu

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement.

7.2
2021-08-12 CVE-2021-37682 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-12 CVE-2021-37635 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-12 CVE-2021-37641 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-12 CVE-2021-37654 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-12 CVE-2021-37664 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-12 CVE-2021-37643 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

7.1
2021-08-11 CVE-2021-1110 Nvidia Improper Input Validation vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.

7.1
2021-08-11 CVE-2021-0002 Intel
Fedoraproject
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

7.1
2021-08-10 CVE-2021-22386 Huawei Double Free vulnerability in Huawei Emui and Magic UI

A component of the Huawei smartphone has a Double Free vulnerability.

7.0

207 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-12 CVE-2020-18454 Bycms Project Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.

6.8
2021-08-12 CVE-2020-18457 Bycms Project Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0

Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.

6.8
2021-08-13 CVE-2021-37028 Huawei OS Command Injection vulnerability in Huawei Hg8045Q Firmware V300R016C00Spc110/V300R018C10

There is a command injection vulnerability in the HG8045Q product.

6.7
2021-08-11 CVE-2021-1111 Nvidia Out-of-bounds Read vulnerability in Nvidia Jetson Linux

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.

6.7
2021-08-13 CVE-2021-37690 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

6.6
2021-08-13 CVE-2020-21066 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1.0

An issue was discovered in Bento4 v1.5.1.0.

6.5
2021-08-13 CVE-2021-27402 Mitel Path Traversal vulnerability in Mitel Micollab

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

6.5
2021-08-13 CVE-2021-29880 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.4.3

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain.

6.5
2021-08-13 CVE-2021-32067 Mitel Improper Encoding or Escaping of Output vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.

6.5
2021-08-13 CVE-2021-32072 Mitel Improper Encoding or Escaping of Output vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization.

6.5
2021-08-12 CVE-2021-31731 Kitesky Path Traversal vulnerability in Kitesky Kitecms 1.1.1

A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.

6.5
2021-08-11 CVE-2021-37696 Tmerc Cogs Project Unspecified vulnerability in Tmerc-Cogs Project Tmerc-Cogs

tmerc-cogs are a collection of open source plugins for the Red Discord bot.

6.5
2021-08-11 CVE-2021-37697 Tmerc Cogs Project Unspecified vulnerability in Tmerc-Cogs Project Tmerc-Cogs

tmerc-cogs are a collection of open source plugins for the Red Discord bot.

6.5
2021-08-11 CVE-2017-16631 Sapphireims Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

6.5
2021-08-11 CVE-2020-21363 Maccms Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0

An arbitrary file deletion vulnerability exists within Maccms10.

6.5
2021-08-11 CVE-2020-25562 Sapphireims Cross-Site Request Forgery (CSRF) vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, there is no CSRF token present in the entire application.

6.5
2021-08-11 CVE-2021-3046 Paloaltonetworks Improper Authentication vulnerability in Paloaltonetworks Pan-Os

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication.

6.5
2021-08-11 CVE-2021-0009 Intel Out-of-bounds Read vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5
2021-08-10 CVE-2021-29400 Netexplorer Cross-Site Request Forgery (CSRF) vulnerability in Netexplorer MY Smtp Contact 1.1.1

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.

6.5
2021-08-10 CVE-2020-21677 Libsixel Project Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.4

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.

6.5
2021-08-10 CVE-2020-21697 Ffmpeg
Debian
Use After Free vulnerability in multiple products

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

6.5
2021-08-10 CVE-2021-28846 Trendnet Use of Externally-Controlled Format String vulnerability in Trendnet products

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format.

6.5
2021-08-10 CVE-2021-21600 Dell Unspecified vulnerability in Dell EMC Networker

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service.

6.5
2021-08-10 CVE-2021-38381 Live555 Use After Free vulnerability in Live555

Live555 through 1.08 does not handle MPEG-1 or 2 files properly.

6.5
2021-08-10 CVE-2021-38382 Live555 Use After Free vulnerability in Live555

Live555 through 1.08 does not handle Matroska and Ogg files properly.

6.5
2021-08-10 CVE-2021-33699 SAP Unspecified vulnerability in SAP Fiori Client 3.2

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features.

6.5
2021-08-10 CVE-2021-22674 Advantech Path Traversal vulnerability in Advantech Webaccess/Scada

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

6.5
2021-08-09 CVE-2021-21584 Dell Information Exposure vulnerability in Dell products

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability.

6.5
2021-08-09 CVE-2021-29714 IBM Improper Input Validation vulnerability in IBM Content Navigator 3.0.0

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation.

6.5
2021-08-09 CVE-2021-24467 Leaflet MAP Project Unspecified vulnerability in Leaflet MAP Project Leaflet MAP

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack.

6.5
2021-08-13 CVE-2021-3573 Linux
Redhat
Fedoraproject
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info().
6.4
2021-08-11 CVE-2021-1109 Nvidia Unspecified vulnerability in Nvidia Jetson Linux

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.

6.3
2021-08-13 CVE-2021-36790 Dated News Project Cross-site Scripting vulnerability in Dated News Project Dated News

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.

6.1
2021-08-13 CVE-2021-27401 Mitel Cross-site Scripting vulnerability in Mitel Micollab

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

6.1
2021-08-13 CVE-2021-38619 Openbaraza Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).

6.1
2021-08-13 CVE-2021-38583 Openbaraza Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).

6.1
2021-08-13 CVE-2021-37352 Nagios Open Redirect vulnerability in Nagios XI

An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing.

6.1
2021-08-12 CVE-2021-37700 Paste Markdown Project Unspecified vulnerability in Paste-Markdown Project Paste-Markdown

@github/paste-markdown is an npm package for pasting markdown objects.

6.1
2021-08-12 CVE-2020-18445 Yunucms Cross-site Scripting vulnerability in Yunucms 1.1.9

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.

6.1
2021-08-12 CVE-2021-38087 Acronis Cross-site Scripting vulnerability in Acronis Cyber Protect 15

Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.

6.1
2021-08-12 CVE-2021-37699 Vercel Open Redirect vulnerability in Vercel Next.Js

Next.js is an open source website development framework to be used with the React library.

6.1
2021-08-11 CVE-2021-22098 Cloudfoundry Open Redirect vulnerability in Cloudfoundry User Account and Authentication

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability.

6.1
2021-08-11 CVE-2021-34640 Securimage WP Fixed Project Cross-site Scripting vulnerability in Securimage-Wp-Fixed Project Securimage-Wp-Fixed 3.5.4

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.

6.1
2021-08-11 CVE-2021-38538 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

6.1
2021-08-10 CVE-2021-37389 Chamilo Cross-site Scripting vulnerability in Chamilo 1.11.14

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

6.1
2021-08-10 CVE-2021-37390 Chamilo Cross-site Scripting vulnerability in Chamilo LMS

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).

6.1
2021-08-10 CVE-2021-32768 Typo3 Cross-site Scripting vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

6.1
2021-08-10 CVE-2021-37365 Ctparental Project Cross-site Scripting vulnerability in Ctparental Project Ctparental

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel.

6.1
2021-08-10 CVE-2021-22676 Advantech Cross-site Scripting vulnerability in Advantech Webaccess/Scada

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code.

6.1
2021-08-10 CVE-2021-33702 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.

6.1
2021-08-10 CVE-2021-33703 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.

6.1
2021-08-10 CVE-2021-33707 SAP Unspecified vulnerability in SAP Netweaver Knowledge Management

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.

6.1
2021-08-10 CVE-2021-36601 GET Simple Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.3.16

GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.

6.1
2021-08-10 CVE-2021-31655 Trendnet Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.64/1.2.2.65/1.2.2.68

Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter.

6.1
2021-08-09 CVE-2021-37633 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open source discussion platform.

6.1
2021-08-09 CVE-2021-37634 Vapor Cross-site Scripting vulnerability in Vapor Leafkit

Leafkit is a templating language with Swift-inspired syntax.

6.1
2021-08-09 CVE-2018-17861 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.

6.1
2021-08-09 CVE-2018-17862 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.

6.1
2021-08-09 CVE-2018-17865 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.

6.1
2021-08-09 CVE-2021-34660 Verygoodplugins Cross-site Scripting vulnerability in Verygoodplugins WP Fusion 3.37.18

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18.

6.1
2021-08-09 CVE-2021-37573 Tiny Java WEB Server Project Cross-site Scripting vulnerability in Tiny Java web Server Project Tiny Java web Server 1.115

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page

6.1
2021-08-09 CVE-2021-24304 Tagdiv Unspecified vulnerability in Tagdiv Newsmag

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

6.1
2021-08-09 CVE-2021-24495 Marmoset Unspecified vulnerability in Marmoset Viewer

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

6.1
2021-08-09 CVE-2021-24522 Properfraction Unspecified vulnerability in Properfraction Profilepress

The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access.

6.1
2021-08-13 CVE-2021-31399 2N Improper Certificate Validation vulnerability in 2N Access Unit 2.0 Firmware 2.31.0.40.5

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.

5.9
2021-08-12 CVE-2021-38597 Wolfssl Insufficient Verification of Data Authenticity vulnerability in Wolfssl

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

5.9
2021-08-11 CVE-2021-3048 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding.

5.9
2021-08-11 CVE-2021-38543 TP Link Unspecified vulnerability in Tp-Link Ue330 Firmware 20210809

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38544 Sony Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware

Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38545 Raspberrypi Unspecified vulnerability in Raspberrypi products

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38546 Creative Unspecified vulnerability in Creative products

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38547 Logitech Unspecified vulnerability in Logitech S120 Firmware and Z120 Firmware

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38548 JBL Unspecified vulnerability in JBL GO 2 Firmware 20210809

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-11 CVE-2021-38549 Benda Unspecified vulnerability in Benda Miracase Hmub500 Firmware 20210809

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

5.9
2021-08-10 CVE-2021-38370 Alpine Project Command Injection vulnerability in Alpine Project Alpine

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.

5.9
2021-08-12 CVE-2021-37668 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37669 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37670 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37672 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37673 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37674 Google Improper Validation of Specified Quantity in Input vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37677 Google Improper Validation of Specified Quantity in Input vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37683 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37684 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37685 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37687 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37691 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37692 Google Unspecified vulnerability in Google Tensorflow 2.5.0/2.5.1/2.5.2

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37675 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37680 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37686 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37688 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37689 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37644 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37645 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37646 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37661 Google Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37637 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37647 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37649 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37636 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37640 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37642 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37653 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-12 CVE-2021-37660 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

5.5
2021-08-11 CVE-2021-38590 Cpanel Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

5.5
2021-08-11 CVE-2021-1112 Nvidia NULL Pointer Dereference vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.

5.5
2021-08-11 CVE-2021-32437 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

5.5
2021-08-11 CVE-2021-32438 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

5.5
2021-08-11 CVE-2021-32440 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

5.5
2021-08-11 CVE-2021-0003 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2021-08-11 CVE-2021-0012 Intel Use After Free vulnerability in Intel Graphics Driver and Graphics Drivers

Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2021-08-10 CVE-2020-21675 Fig2Dev Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

5.5
2021-08-10 CVE-2020-21676 Fig2Dev Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

5.5
2021-08-10 CVE-2020-21678 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.

5.5
2021-08-10 CVE-2020-21680 Fig2Dev Project Out-of-bounds Write vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

5.5
2021-08-10 CVE-2020-21681 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

5.5
2021-08-10 CVE-2020-21682 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

5.5
2021-08-10 CVE-2020-21683 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

5.5
2021-08-10 CVE-2020-21684 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

5.5
2021-08-10 CVE-2020-23171 NIM Lang Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

5.5
2021-08-10 CVE-2020-23172 Kuba Project Path Traversal vulnerability in Kuba Project Kuba

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.

5.5
2021-08-10 CVE-2021-33717 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1).

5.5
2021-08-10 CVE-2021-37178 Siemens XXE vulnerability in Siemens Solid Edge Se2021 Firmware

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7).

5.5
2021-08-09 CVE-2021-34335 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37615 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2015-7731 SAP Information Exposure vulnerability in SAP Mobile Platform 3.0

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.

5.5
2021-08-09 CVE-2021-37616 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37618 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37619 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37620 Exiv2
Fedoraproject
Debian
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37621 Exiv2
Fedoraproject
Debian
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37622 Exiv2
Fedoraproject
Debian
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-32815 Exiv2
Fedoraproject
Debian
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-34334 Exiv2
Fedoraproject
Debian
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-09 CVE-2021-37623 Exiv2
Fedoraproject
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
5.5
2021-08-15 CVE-2021-38699 Tastyigniter Cross-site Scripting vulnerability in Tastyigniter 3.0.7

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.

5.4
2021-08-13 CVE-2021-36785 Miniorange Cross-site Scripting vulnerability in Miniorange Saml

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.

5.4
2021-08-13 CVE-2021-36787 In2Code Cross-site Scripting vulnerability in In2Code Femanager

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.

5.4
2021-08-13 CVE-2021-36788 Yoast Cross-site Scripting vulnerability in Yoast SEO 7.2.0/7.2.1

The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.

5.4
2021-08-13 CVE-2021-32070 Mitel Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response.

5.4
2021-08-13 CVE-2021-37695 Ckeditor
Debian
Fedoraproject
Oracle
ckeditor is an open source WYSIWYG HTML editor with rich content support.
5.4
2021-08-12 CVE-2020-20988 Domainmod Cross-site Scripting vulnerability in Domainmod 4.13.0

A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.

5.4
2021-08-12 CVE-2020-20990 Domainmod Cross-site Scripting vulnerability in Domainmod 4.13.0

A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.

5.4
2021-08-12 CVE-2020-18449 Ukcms Cross-site Scripting vulnerability in Ukcms 1.1.10

Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php

5.4
2021-08-12 CVE-2021-32808 Ckeditor
Fedoraproject
Oracle
ckeditor is an open source WYSIWYG HTML editor with rich content support.
5.4
2021-08-12 CVE-2021-32809 Ckeditor
Fedoraproject
Oracle
Cross-site Scripting vulnerability in multiple products

ckeditor is an open source WYSIWYG HTML editor with rich content support.

5.4
2021-08-12 CVE-2020-20977 Ukcms Cross-site Scripting vulnerability in Ukcms 1.1.10

A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.

5.4
2021-08-12 CVE-2021-27791 Broadcom Out-of-bounds Read vulnerability in Broadcom Fabric Operating System

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.

5.4
2021-08-11 CVE-2020-21362 Maccms Cross-site Scripting vulnerability in Maccms 10.0

A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.

5.4
2021-08-11 CVE-2021-38533 Netgear Cross-site Scripting vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.

5.4
2021-08-10 CVE-2020-21929 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.4.1

A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

5.4
2021-08-10 CVE-2020-21930 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.4.1

A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

5.4
2021-08-10 CVE-2021-37391 Chamilo Cross-site Scripting vulnerability in Chamilo LMS

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.

5.4
2021-08-10 CVE-2021-37152 Sonatype Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0.

5.4
2021-08-09 CVE-2013-4718 Otrs Cross-site Scripting vulnerability in Otrs and Otrs Itsm

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.

5.4
2021-08-09 CVE-2021-37788 Gurock Improper Restriction of Rendered UI Layers or Frames vulnerability in Gurock Testrail 5.3.0.3603

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack.

5.4
2021-08-09 CVE-2021-24505 Madeit Unspecified vulnerability in Madeit Forms

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues.

5.4
2021-08-09 CVE-2021-24509 A3Rev Unspecified vulnerability in A3Rev Page View Count

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks.

5.4
2021-08-09 CVE-2021-37211 Larvata Cross-site Scripting vulnerability in Larvata Flygo 1.90.5

The bulletin function of Flygo does not filter special characters while a new announcement is added.

5.4
2021-08-09 CVE-2021-37212 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

5.4
2021-08-15 CVE-2021-37326 Netsarang Information Exposure vulnerability in Netsarang Xshell 7

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.

5.3
2021-08-13 CVE-2021-36791 Dated News Project Unspecified vulnerability in Dated News Project Dated News

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.

5.3
2021-08-13 CVE-2021-38554 Hashicorp Improper Cross-boundary Removal of Sensitive Data vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.

5.3
2021-08-13 CVE-2021-37351 Nagios Incorrect Default Permissions vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

5.3
2021-08-12 CVE-2021-27793 Broadcom Incorrect Authorization vulnerability in Broadcom Fabric Operating System

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

5.3
2021-08-10 CVE-2021-3692 Yiiframework Use of Insufficiently Random Values vulnerability in Yiiframework YII

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

5.3
2021-08-10 CVE-2021-38373 KDE Cleartext Transmission of Sensitive Information vulnerability in KDE Kmail 19.12.3

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

5.3
2021-08-10 CVE-2020-28397 Siemens Incorrect Authorization vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

5.3
2021-08-09 CVE-2021-20349 IBM Out-of-bounds Write vulnerability in IBM Tivoli Workload Scheduler 9.4/9.5

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.

5.3
2021-08-13 CVE-2021-37586 Mitel Improper Input Validation vulnerability in Mitel Interaction Recording 6.6

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.

4.9
2021-08-11 CVE-2021-3045 Paloaltonetworks Argument Injection or Modification vulnerability in Paloaltonetworks Pan-Os

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system.

4.9
2021-08-11 CVE-2021-38524 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

4.9
2021-08-10 CVE-2021-29739 IBM Unchecked Return Value vulnerability in IBM Planning Analytics Local 2.0.0

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

4.9
2021-08-13 CVE-2021-32069 Mitel Improper Certificate Validation vulnerability in Mitel Micollab

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation.

4.8
2021-08-12 CVE-2021-38602 Pluxml Cross-site Scripting vulnerability in Pluxml 5.8.7

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.

4.8
2021-08-12 CVE-2021-38603 Pluxml Cross-site Scripting vulnerability in Pluxml 5.8.7

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.

4.8
2021-08-12 CVE-2020-18451 Damicms Cross-site Scripting vulnerability in Damicms 6.0.6

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.

4.8
2021-08-12 CVE-2020-18455 Bycms Project Cross-site Scripting vulnerability in Bycms Project Bycms 1.3.0

Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.

4.8
2021-08-12 CVE-2020-18456 Pbootcms Cross-site Scripting vulnerability in Pbootcms 1.3.7

Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.

4.8
2021-08-12 CVE-2020-18446 Yunucms Cross-site Scripting vulnerability in Yunucms 1.1.9

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.

4.8
2021-08-12 CVE-2021-35955 Contao Cross-site Scripting vulnerability in Contao

Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field.

4.8
2021-08-11 CVE-2021-38534 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.8
2021-08-11 CVE-2021-38535 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.8
2021-08-11 CVE-2021-38536 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.8
2021-08-11 CVE-2021-38537 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.8
2021-08-09 CVE-2021-24502 Flippercode Unspecified vulnerability in Flippercode WP Google MAP 1.1.0/1.2.0

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed

4.8
2021-08-11 CVE-2021-1113 Nvidia Unspecified vulnerability in Nvidia Jetson Linux

NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.

4.7
2021-08-09 CVE-2021-34661 Verygoodplugins Cross-Site Request Forgery (CSRF) vulnerability in Verygoodplugins WP Fusion 3.37.18

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.

4.7
2021-08-13 CVE-2021-38553 Hashicorp Improper Preservation of Permissions vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions.

4.4
2021-08-13 CVE-2021-3635 Linux
Redhat
Fedoraproject
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7.
4.4
2021-08-11 CVE-2021-38586 Cpanel Unspecified vulnerability in Cpanel

In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).

4.4
2021-08-11 CVE-2021-1114 Nvidia Use After Free vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.

4.4
2021-08-11 CVE-2021-0004 Intel
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2021-08-11 CVE-2021-0005 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2021-08-11 CVE-2021-0006 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware

Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2021-08-11 CVE-2021-0007 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access.

4.4
2021-08-11 CVE-2021-0008 Intel Resource Exhaustion vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.

4.4
2021-08-11 CVE-2021-0083 Intel Improper Input Validation vulnerability in Intel Optane Persistent Memory Firmware 1.2.0.5446

Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access.

4.4
2021-08-13 CVE-2021-37703 Discourse Unspecified vulnerability in Discourse

Discourse is an open-source platform for community discussion.

4.3
2021-08-12 CVE-2020-20989 Domainmod Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.13.0

A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.

4.3
2021-08-12 CVE-2021-37704 Phpfastcache Exposure of Resource to Wrong Sphere vulnerability in PHPfastcache

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache).

4.3
2021-08-11 CVE-2021-20420 IBM Unspecified vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system.

4.3
2021-08-10 CVE-2021-33706 SAP Improper Input Validation vulnerability in SAP Infrabox

Due to improper input validation in InfraBox, logs can be modified by an authenticated user.

4.3
2021-08-09 CVE-2021-25954 Dolibarr Incorrect Authorization vulnerability in Dolibarr

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor.

4.3
2021-08-09 CVE-2021-37213 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

4.3
2021-08-09 CVE-2021-37215 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability.

4.3

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-10 CVE-2021-21597 Dell Unspecified vulnerability in Dell Wyse Thinos 9.0/9.1

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability.

3.9
2021-08-10 CVE-2021-21598 Dell Unspecified vulnerability in Dell Wyse Thinos 9.0/9.1

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability.

3.9
2021-08-10 CVE-2020-25082 Nuvoton Information Exposure Through Discrepancy vulnerability in Nuvoton Npct75X Firmware

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

3.8
2021-08-14 CVE-2020-36473 Ucweb Cleartext Storage of Sensitive Information vulnerability in Ucweb UC

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.

3.7
2021-08-13 CVE-2021-32068 Mitel Allocation of Resources Without Limits or Throttling vulnerability in Mitel Micollab

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls.

3.7
2021-08-10 CVE-2021-38372 KDE Command Injection vulnerability in KDE Trojita 0.7

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.

3.7
2021-08-10 CVE-2021-38365 Tonewinner Unspecified vulnerability in Tonewinner Winner Desktop Speakers Firmware 20210809

Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

3.7
2021-08-12 CVE-2020-18464 Aikcms Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.

3.5
2021-08-11 CVE-2021-33594 F Secure Unspecified vulnerability in F-Secure Safe 17.9

An address bar spoofing vulnerability was discovered in Safe Browser for Android.

3.5
2021-08-11 CVE-2021-33595 F Secure Unspecified vulnerability in F-Secure Safe

A address bar spoofing vulnerability was discovered in Safe Browser for iOS.

3.5
2021-08-12 CVE-2021-38591 Google Unspecified vulnerability in Google Android 10.0/9.0

An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883.

3.3
2021-08-10 CVE-2021-33738 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2).

3.3
2021-08-11 CVE-2021-3047 Paloaltonetworks Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Paloaltonetworks Pan-Os

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface.

3.1
2021-08-11 CVE-2021-38514 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

2.7
2021-08-12 CVE-2020-18463 Aikcms Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0

Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.

2.4
2021-08-09 CVE-2021-21740 ZTE Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product.

2.4