Weekly Vulnerabilities Reports > August 9 to 15, 2021
Overview
470 new vulnerabilities were reported during this period, including 73 critical vulnerabilities and 174 high severity vulnerabilities. This weekly summary reports vulnerabilities in 448 products from 170 vendors including Google, Netgear, Fedoraproject, Intel, and Foxitsoftware. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "NULL Pointer Dereference", "Cross-Site Request Forgery (CSRF)", and "SQL Injection".
- 311 reported vulnerabilities are remotely exploitable.
- 122 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 253 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 59 reported vulnerabilities.
- Foxitsoftware has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
73 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-08-13 | CVE-2021-37705 | Microsoft | Incorrect Authorization vulnerability in Microsoft Onefuzz OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. | 10.0 |
2021-08-13 | CVE-2021-21829 | ATT | Out-of-bounds Write vulnerability in ATT Xmill 0.7 A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. | 9.8 |
2021-08-13 | CVE-2021-21830 | ATT | Out-of-bounds Write vulnerability in ATT Xmill 0.7 A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. | 9.8 |
2021-08-13 | CVE-2020-18753 | Dcce | Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. | 9.8 |
2021-08-13 | CVE-2020-18758 | Dcce | Command Injection vulnerability in Dcce Mac1100 PLC Firmware An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | 9.8 |
2021-08-13 | CVE-2021-36789 | Dated News Project | SQL Injection vulnerability in Dated News Project Dated News The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. | 9.8 |
2021-08-13 | CVE-2021-38302 | Newsletter Project | SQL Injection vulnerability in Newsletter Project Newsletter The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. | 9.8 |
2021-08-13 | CVE-2021-1104 | Risc V | Use of Uninitialized Resource vulnerability in Risc-V Instruction SET Manual The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service. | 9.8 |
2021-08-13 | CVE-2021-32071 | Mitel | Unspecified vulnerability in Mitel Micollab The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. | 9.8 |
2021-08-13 | CVE-2021-36380 | Sunhillo | OS Command Injection vulnerability in Sunhillo Sureline Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. | 9.8 |
2021-08-13 | CVE-2021-37344 | Nagios | OS Command Injection vulnerability in Nagios XI Switch Wizard Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). | 9.8 |
2021-08-13 | CVE-2021-37346 | Nagios | OS Command Injection vulnerability in Nagios XI Watchguard Wizard Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). | 9.8 |
2021-08-13 | CVE-2021-37350 | Nagios | SQL Injection vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | 9.8 |
2021-08-13 | CVE-2021-37353 | Nagios | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | 9.8 |
2021-08-12 | CVE-2020-36363 | Amazon | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019 Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | 9.8 |
2021-08-12 | CVE-2021-28121 | Virtual Robots TXT Project | Unspecified vulnerability in Virtual Robots.Txt Project Virtual Robots.Txt Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | 9.8 |
2021-08-12 | CVE-2021-28890 | J2Eefast | SQL Injection vulnerability in J2Eefast 2.2.1 J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements. | 9.8 |
2021-08-12 | CVE-2021-29377 | Pearadmin | Unrestricted Upload of File with Dangerous Type vulnerability in Pearadmin Think 2.0.0/2.1.0/2.1.2 Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. | 9.8 |
2021-08-12 | CVE-2021-31556 | Mediawiki Fedoraproject | Improper Validation of Specified Quantity in Input vulnerability in multiple products An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | 9.8 |
2021-08-12 | CVE-2021-31698 | Quectel | OS Command Injection vulnerability in Quectel Eg25-G Firmware Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | 9.8 |
2021-08-12 | CVE-2021-33199 | Expressionengine | Improper Input Validation vulnerability in Expressionengine In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | 9.8 |
2021-08-12 | CVE-2021-37599 | Nuance | SQL Injection vulnerability in Nuance Winscribe Dictation 4.1.0.99 The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter. | 9.8 |
2021-08-12 | CVE-2021-20509 | IBM | Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. | 9.8 |
2021-08-12 | CVE-2021-38606 | Yogeshojha | Use of Insufficiently Random Values vulnerability in Yogeshojha Rengine reNgine through 0.5 relies on a predictable directory name. | 9.8 |
2021-08-12 | CVE-2020-20975 | Gxlcms | SQL Injection vulnerability in Gxlcms 1.1 In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. | 9.8 |
2021-08-12 | CVE-2020-20979 | 8Cms | Unrestricted Upload of File with Dangerous Type vulnerability in 8Cms Ljcms 4.3. An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. | 9.8 |
2021-08-12 | CVE-2021-20314 | Libspf2 Redhat Fedoraproject | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | 9.8 |
2021-08-12 | CVE-2020-28165 | Easycorp | Unrestricted Upload of File with Dangerous Type vulnerability in Easycorp Zentao The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. | 9.8 |
2021-08-12 | CVE-2021-37222 | Rcdcap Project | Unspecified vulnerability in Rcdcap Project Rcdcap Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | 9.8 |
2021-08-11 | CVE-2021-38563 | Foxitsoftware Foxit | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. | 9.8 |
2021-08-11 | CVE-2021-38568 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.8 |
2021-08-11 | CVE-2021-38572 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.8 |
2021-08-11 | CVE-2021-38573 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.8 |
2021-08-11 | CVE-2021-38574 | Foxitsoftware | SQL Injection vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.8 |
2021-08-11 | CVE-2020-21359 | Maccms | Unrestricted Upload of File with Dangerous Type vulnerability in Maccms 10.0 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | 9.8 |
2021-08-11 | CVE-2020-25560 | Sapphireims | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. | 9.8 |
2021-08-11 | CVE-2020-25563 | Sapphireims | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | 9.8 |
2021-08-11 | CVE-2020-25565 | Sapphireims | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. | 9.8 |
2021-08-11 | CVE-2020-25566 | Sapphireims | Missing Authentication for Critical Function vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. | 9.8 |
2021-08-11 | CVE-2021-33793 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | 9.8 |
2021-08-11 | CVE-2021-23421 | Merge Change Project | Unspecified vulnerability in Merge-Change Project Merge-Change All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. | 9.8 |
2021-08-11 | CVE-2021-20418 | IBM | Weak Password Requirements vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2021-08-11 | CVE-2021-23420 | Codeception | Deserialization of Untrusted Data vulnerability in Codeception This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. | 9.8 |
2021-08-11 | CVE-2021-38530 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2021-08-11 | CVE-2021-38527 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2021-08-11 | CVE-2021-38528 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2021-08-11 | CVE-2021-38529 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2021-08-11 | CVE-2021-38513 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 9.8 |
2021-08-11 | CVE-2021-38516 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. | 9.8 |
2021-08-10 | CVE-2021-20032 | Sonicwall | Unspecified vulnerability in Sonicwall Analytics 2.5.0.3/2.5.2518 SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. | 9.8 |
2021-08-10 | CVE-2021-38140 | SET User Project | Improper Privilege Management vulnerability in SET User Project SET User The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | 9.8 |
2021-08-10 | CVE-2021-38383 | Owntone Project | Use After Free vulnerability in Owntone Project Owntone OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | 9.8 |
2021-08-10 | CVE-2021-38384 | Serverless Offline Project | Improper Handling of Exceptional Conditions vulnerability in Serverless Offline Project Serverless Offline 8.0.0 Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | 9.8 |
2021-08-10 | CVE-2021-32943 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess/Scada The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | 9.8 |
2021-08-09 | CVE-2020-23151 | Rconfig | OS Command Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | 9.8 |
2021-08-09 | CVE-2021-21564 | Dell | Improper Authentication vulnerability in Dell Openmanage Enterprise 3.5 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. | 9.8 |
2021-08-09 | CVE-2014-9320 | SAP | Improper Authentication vulnerability in SAP Businessobjects Edge 4.1 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. | 9.8 |
2021-08-09 | CVE-2013-6276 | Qnap | Use of Hard-coded Credentials vulnerability in Qnap products QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. | 9.8 |
2021-08-09 | CVE-2021-22910 | Rocket Chat | Unspecified vulnerability in Rocket.Chat A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | 9.8 |
2021-08-09 | CVE-2021-24499 | Amentotech | Unspecified vulnerability in Amentotech Workreap The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. | 9.8 |
2021-08-09 | CVE-2021-24507 | Brainstormforce | Unspecified vulnerability in Brainstormforce Astra The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issue. | 9.8 |
2021-08-09 | CVE-2021-32797 | Jupyter | Cross-site Scripting vulnerability in Jupyter Jupyterlab JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. | 9.6 |
2021-08-09 | CVE-2021-32798 | Jupyter | Cross-site Scripting vulnerability in Jupyter Notebook The Jupyter notebook is a web-based notebook environment for interactive computing. | 9.6 |
2021-08-13 | CVE-2021-34823 | On24 | XXE vulnerability in On24 Screenshare The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. | 9.1 |
2021-08-13 | CVE-2021-3352 | Mitel | Unspecified vulnerability in Mitel Micontact Center Business The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | 9.1 |
2021-08-13 | CVE-2021-38621 | Netless | Unspecified vulnerability in Netless Flat Server The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. | 9.1 |
2021-08-13 | CVE-2021-27741 | Hcltechsw | XXE vulnerability in Hcltechsw HCL Commerce Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection. | 9.1 |
2021-08-11 | CVE-2021-38564 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware PDF Editor and PDF Reader An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. | 9.1 |
2021-08-11 | CVE-2021-38570 | Foxitsoftware | Link Following vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.1 |
2021-08-11 | CVE-2021-33794 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | 9.1 |
2021-08-11 | CVE-2019-25052 | Linaro | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Linaro Op-Tee In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | 9.1 |
2021-08-10 | CVE-2021-37425 | Altova | XXE vulnerability in Altova Mobiletogether Server 7.0/7.3 Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key. | 9.1 |
2021-08-15 | CVE-2021-25955 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. | 9.0 |
174 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-08-13 | CVE-2021-37343 | Nagios | Path Traversal vulnerability in Nagios XI A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | 8.8 |
2021-08-12 | CVE-2021-37678 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 8.8 |
2021-08-12 | CVE-2020-22403 | Express Cart Project | Cross-Site Request Forgery (CSRF) vulnerability in Express-Cart Project Express-Cart Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | 8.8 |
2021-08-12 | CVE-2021-38366 | Sitecore | Unrestricted Upload of File with Dangerous Type vulnerability in Sitecore Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | 8.8 |
2021-08-12 | CVE-2020-18460 | 711Cms | Cross-Site Request Forgery (CSRF) vulnerability in 711Cms 1.0.7 Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | 8.8 |
2021-08-12 | CVE-2021-36921 | Monitorapp | Improper Authentication vulnerability in Monitorapp Application Insight Manager B107 AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. | 8.8 |
2021-08-12 | CVE-2020-24576 | Netskope | Improper Privilege Management vulnerability in Netskope Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | 8.8 |
2021-08-11 | CVE-2017-16630 | Sapphireims | Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971 In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | 8.8 |
2021-08-11 | CVE-2020-25564 | Sapphireims | Incorrect Authorization vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. | 8.8 |
2021-08-11 | CVE-2020-21976 | Newsone CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Newsone CMS Project Newsone CMS 1.1.0 An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | 8.8 |
2021-08-11 | CVE-2021-3050 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. | 8.8 |
2021-08-11 | CVE-2020-28589 | Tinyobjloader Project | Improper Validation of Array Index vulnerability in Tinyobjloader Project Tinyobjloader 2.0 An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. | 8.8 |
2021-08-11 | CVE-2021-38539 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by privilege escalation. | 8.8 |
2021-08-10 | CVE-2020-21688 | Ffmpeg Debian | Use After Free vulnerability in multiple products A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | 8.8 |
2021-08-10 | CVE-2021-33708 | Kyma Project | Improper Input Validation vulnerability in Kyma-Project Kyma Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | 8.8 |
2021-08-10 | CVE-2021-37366 | Ctparental Project | Cross-Site Request Forgery (CSRF) vulnerability in Ctparental Project Ctparental CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. | 8.8 |
2021-08-09 | CVE-2021-21596 | Dell | Unspecified vulnerability in Dell products Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. | 8.8 |
2021-08-09 | CVE-2013-4717 | Otrs | SQL Injection vulnerability in Otrs and Otrs Itsm Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. | 8.8 |
2021-08-09 | CVE-2021-33256 | Zohocorp | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. | 8.8 |
2021-08-09 | CVE-2021-24520 | Coderstimes | Unspecified vulnerability in Coderstimes OUT of Stock Message for Woocommerce The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. | 8.8 |
2021-08-09 | CVE-2021-37214 | Larvata | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 8.8 |
2021-08-12 | CVE-2021-36982 | Monitorapp | Improper Input Validation vulnerability in Monitorapp Application Insight Manager B107 AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request. | 8.1 |
2021-08-11 | CVE-2021-38588 | Cpanel | Download of Code Without Integrity Check vulnerability in Cpanel In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | 8.1 |
2021-08-11 | CVE-2021-38589 | Cpanel | Unspecified vulnerability in Cpanel In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | 8.1 |
2021-08-09 | CVE-2021-38290 | Thedaylightstudio | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 8.1 |
2021-08-09 | CVE-2021-24500 | Amentotech | Cross-Site Request Forgery (CSRF) vulnerability in Amentotech Workreap Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. | 8.1 |
2021-08-09 | CVE-2021-24501 | Amentotech | Unspecified vulnerability in Amentotech Workreap The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. | 8.1 |
2021-08-12 | CVE-2020-18458 | Damicms | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.6 Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | 8.0 |
2021-08-11 | CVE-2021-32122 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.0 |
2021-08-13 | CVE-2021-21812 | ATT | Out-of-bounds Write vulnerability in ATT Xmill 0.7 A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. | 7.8 |
2021-08-13 | CVE-2021-21813 | ATT | Out-of-bounds Write vulnerability in ATT Xmill 0.7 Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. | 7.8 |
2021-08-13 | CVE-2021-21814 | ATT | Argument Injection or Modification vulnerability in ATT Xmill 0.7 Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. | 7.8 |
2021-08-13 | CVE-2021-21815 | ATT | Out-of-bounds Write vulnerability in ATT Xmill 0.7 A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. | 7.8 |
2021-08-13 | CVE-2021-34398 | Nvidia | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. | 7.8 |
2021-08-13 | CVE-2021-37345 | Nagios | Improper Privilege Management vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | 7.8 |
2021-08-13 | CVE-2021-37347 | Nagios | Path Traversal vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | 7.8 |
2021-08-13 | CVE-2021-37349 | Nagios | Unspecified vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | 7.8 |
2021-08-12 | CVE-2021-37663 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37665 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37679 | Google | Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37648 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37652 | Google | Double Free vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37666 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37667 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37671 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37676 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37681 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37650 | Google | Out-of-bounds Write vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37651 | Google | Out-of-bounds Write vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37656 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37657 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37658 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37659 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37662 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37638 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-37639 | Google | NULL Pointer Dereference vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.8 |
2021-08-12 | CVE-2021-27790 | Broadcom | Out-of-bounds Write vulnerability in Broadcom Fabric Operating System The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. | 7.8 |
2021-08-12 | CVE-2021-27792 | Broadcom | Unspecified vulnerability in Broadcom Fabric Operating System The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. | 7.8 |
2021-08-12 | CVE-2021-27794 | Broadcom | Improper Authentication vulnerability in Broadcom Fabric Operating System A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. | 7.8 |
2021-08-12 | CVE-2021-37841 | Docker | Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop Docker Desktop before 3.6.0 suffers from incorrect access control. | 7.8 |
2021-08-12 | CVE-2021-38086 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15 Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | 7.8 |
2021-08-12 | CVE-2021-38088 | Acronis | Unspecified vulnerability in Acronis Cyber Protect 15 Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | 7.8 |
2021-08-11 | CVE-2021-36770 | P5 Encode Project Fedoraproject | Uncontrolled Search Path Element vulnerability in multiple products Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. | 7.8 |
2021-08-11 | CVE-2021-1106 | Nvidia | Out-of-bounds Write vulnerability in Nvidia Jetson Linux and Shield Experience NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system. | 7.8 |
2021-08-11 | CVE-2021-1107 | Nvidia | Unspecified vulnerability in Nvidia Jetson Linux and Shield Experience NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components. | 7.8 |
2021-08-11 | CVE-2021-38571 | Foxitsoftware | Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 7.8 |
2021-08-11 | CVE-2020-25561 | Sapphireims | Use of Hard-coded Credentials vulnerability in Sapphireims 5.0 SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. | 7.8 |
2021-08-11 | CVE-2021-32439 | Gpac | Classic Buffer Overflow vulnerability in Gpac 1.0.1 Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | 7.8 |
2021-08-11 | CVE-2021-37694 | Asyncapi | Code Injection vulnerability in Asyncapi Java-Spring-Cloud-Stream-Template @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. | 7.8 |
2021-08-11 | CVE-2021-38085 | Canon | Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10 The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. | 7.8 |
2021-08-11 | CVE-2021-0061 | Intel | Improper Initialization vulnerability in Intel Graphics Drivers Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2021-08-11 | CVE-2021-0062 | Intel | Improper Input Validation vulnerability in Intel Graphics Drivers Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2021-08-11 | CVE-2021-0084 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2021-08-11 | CVE-2021-0160 | Intel | Uncontrolled Search Path Element vulnerability in Intel Avermedia Capture Card Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2021-08-11 | CVE-2021-0196 | Intel | Unspecified vulnerability in Intel products Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2021-08-11 | CVE-2021-32931 | Fatek | Unspecified vulnerability in Fatek Fvdesigner An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 7.8 |
2021-08-11 | CVE-2021-32939 | Fatek | Out-of-bounds Write vulnerability in Fatek Fvdesigner FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. | 7.8 |
2021-08-11 | CVE-2021-32947 | Fatek | Unspecified vulnerability in Fatek Fvdesigner FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-08-10 | CVE-2021-21567 | Dell | Improper Privilege Management vulnerability in Dell Powerscale Onefs 9.0.0.0/9.1.0.0 Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. | 7.8 |
2021-08-10 | CVE-2021-21601 | Dell | Unspecified vulnerability in Dell products Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. | 7.8 |
2021-08-10 | CVE-2021-37367 | Ctparental Project | Path Traversal vulnerability in Ctparental Project Ctparental CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. | 7.8 |
2021-08-10 | CVE-2021-22385 | Huawei | Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Magic UI A component of the Huawei smartphone has an External Control of System or Configuration Setting vulnerability. | 7.8 |
2021-08-10 | CVE-2021-37179 | Siemens | Unspecified vulnerability in Siemens Solid Edge Se2021 Firmware A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). | 7.8 |
2021-08-10 | CVE-2021-37180 | Siemens | Unspecified vulnerability in Siemens Solid Edge Se2021 Firmware A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). | 7.8 |
2021-08-09 | CVE-2020-24742 | QT | Unspecified vulnerability in QT An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | 7.8 |
2021-08-09 | CVE-2021-36276 | Dell | Unspecified vulnerability in Dell Dbutildrv2.Sys Firmware 2.5/2.6 Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. | 7.8 |
2021-08-09 | CVE-2021-36277 | Dell | Improper Verification of Cryptographic Signature vulnerability in Dell products Dell Command \| Update, Dell Update, and Alienware Update versions before 4.3 contain an Improper Verification of Cryptographic Signature Vulnerability. | 7.8 |
2021-08-09 | CVE-2021-38305 | 23Andme | Unrestricted Upload of File with Dangerous Type vulnerability in 23Andme Yamale 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. | 7.8 |
2021-08-13 | CVE-2020-18754 | Dcce | Exposure of Resource to Wrong Sphere vulnerability in Dcce Mac1100 PLC Firmware An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | 7.5 |
2021-08-13 | CVE-2020-18756 | Dcce | Out-of-bounds Read vulnerability in Dcce Mac1100 PLC Firmware An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area. | 7.5 |
2021-08-13 | CVE-2020-18757 | Dcce | Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet. | 7.5 |
2021-08-13 | CVE-2020-18759 | Dcce | Cleartext Storage of Sensitive Information vulnerability in Dcce Mac1100 PLC Firmware An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100. | 7.5 |
2021-08-13 | CVE-2021-36786 | Miniorange | Insecure Storage of Sensitive Information vulnerability in Miniorange Saml The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. | 7.5 |
2021-08-13 | CVE-2021-36793 | Routes Project | Information Exposure vulnerability in Routes Project Routes The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. | 7.5 |
2021-08-13 | CVE-2021-38623 | Deferred Image Processing Project | Improper Resource Shutdown or Release vulnerability in Deferred Image Processing Project Deferred Image Processing The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. | 7.5 |
2021-08-13 | CVE-2021-37693 | Discourse | Unspecified vulnerability in Discourse Discourse is an open-source platform for community discussion. | 7.5 |
2021-08-13 | CVE-2021-37348 | Nagios | Files or Directories Accessible to External Parties vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | 7.5 |
2021-08-12 | CVE-2021-38614 | Polipo Project | Out-of-bounds Write vulnerability in Polipo Project Polipo Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. | 7.5 |
2021-08-12 | CVE-2021-33056 | Linphone | HTTP Request Smuggling vulnerability in Linphone Belle-Sip Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | 7.5 |
2021-08-12 | CVE-2021-38291 | Ffmpeg Debian | Reachable Assertion vulnerability in multiple products FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. | 7.5 |
2021-08-12 | CVE-2021-38599 | WAL G Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Wal-G Project Wal-G WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. | 7.5 |
2021-08-12 | CVE-2021-38604 | GNU Fedoraproject Oracle | NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. | 7.5 |
2021-08-12 | CVE-2020-20981 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | 7.5 |
2021-08-12 | CVE-2021-38592 | Wasm3 Project | Out-of-bounds Write vulnerability in Wasm3 Project Wasm3 0.5.0 Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). | 7.5 |
2021-08-12 | CVE-2021-38593 | QT Fedoraproject | Out-of-bounds Write vulnerability in multiple products Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | 7.5 |
2021-08-11 | CVE-2021-38587 | Cpanel | Race Condition vulnerability in Cpanel In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). | 7.5 |
2021-08-11 | CVE-2021-38565 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware PDF Editor and PDF Reader An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. | 7.5 |
2021-08-11 | CVE-2021-38566 | Foxitsoftware | Uncontrolled Recursion vulnerability in Foxitsoftware PDF Editor and PDF Reader An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. | 7.5 |
2021-08-11 | CVE-2021-38567 | Foxitsoftware Foxit | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. | 7.5 |
2021-08-11 | CVE-2021-38569 | Foxitsoftware | Uncontrolled Recursion vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 7.5 |
2021-08-11 | CVE-2017-16629 | Sapphireims | Information Exposure Through an Error Message vulnerability in Sapphireims 40971 In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. | 7.5 |
2021-08-11 | CVE-2017-16632 | Sapphireims | Inadequate Encryption Strength vulnerability in Sapphireims 40971 In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | 7.5 |
2021-08-11 | CVE-2021-20427 | IBM | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2021-08-11 | CVE-2021-38526 | Netgear | Classic Buffer Overflow vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 7.5 |
2021-08-11 | CVE-2021-38515 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 7.5 |
2021-08-10 | CVE-2021-38511 | TAR Project | Link Following vulnerability in TAR Project TAR An issue was discovered in the tar crate before 0.4.36 for Rust. | 7.5 |
2021-08-10 | CVE-2021-38512 | Actix Fedoraproject | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. | 7.5 |
2021-08-10 | CVE-2021-38490 | Altova | XML Entity Expansion vulnerability in Altova Mobiletogether Server 7.0/7.3 Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425. | 7.5 |
2021-08-10 | CVE-2021-28845 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | 7.5 |
2021-08-10 | CVE-2021-29294 | Dlink | NULL Pointer Dereference vulnerability in Dlink Dsl-2740R Firmware Uk1.01 Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remote malicious user cause a denial of service via the send_hnap_unauthorized function. | 7.5 |
2021-08-10 | CVE-2021-29295 | Dlink | NULL Pointer Dereference vulnerability in Dlink Dsp-W215 Firmware 1.10 Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of service via usr/bin/lighttpd. | 7.5 |
2021-08-10 | CVE-2021-29296 | Dlink | NULL Pointer Dereference vulnerability in Dlink Dir-825 Firmware 2.10B02 Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. | 7.5 |
2021-08-10 | CVE-2021-28841 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key. | 7.5 |
2021-08-10 | CVE-2021-28842 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via action do_graph_auth without login_name key. | 7.5 |
2021-08-10 | CVE-2021-28843 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name. | 7.5 |
2021-08-10 | CVE-2021-28844 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key. | 7.5 |
2021-08-10 | CVE-2021-38386 | Contiki OS | Classic Buffer Overflow vulnerability in Contiki-Os Contiki 3.0 In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. | 7.5 |
2021-08-10 | CVE-2021-38387 | Contiki OS | Infinite Loop vulnerability in Contiki-Os Contiki 3.0 In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption. | 7.5 |
2021-08-10 | CVE-2021-28838 | Dlink | NULL Pointer Dereference vulnerability in Dlink products Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. | 7.5 |
2021-08-10 | CVE-2021-28839 | Dlink | NULL Pointer Dereference vulnerability in Dlink products Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. | 7.5 |
2021-08-10 | CVE-2021-28840 | Dlink | NULL Pointer Dereference vulnerability in Dlink products Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. | 7.5 |
2021-08-10 | CVE-2021-38380 | Live555 | Out-of-bounds Read vulnerability in Live555 Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. | 7.5 |
2021-08-10 | CVE-2021-38371 | Exim | Injection vulnerability in Exim The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | 7.5 |
2021-08-10 | CVE-2021-25659 | Siemens | Resource Exhaustion vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). | 7.5 |
2021-08-10 | CVE-2021-37172 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. | 7.5 |
2021-08-10 | CVE-2021-3689 | Yiiframework | Use of Insufficiently Random Values vulnerability in Yiiframework YII yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 |
2021-08-10 | CVE-2021-21501 | Apache | Path Traversal vulnerability in Apache Servicecomb Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServiceCenter 1.x.x versions and fixed in 2.0.0. | 7.5 |
2021-08-09 | CVE-2020-23148 | Rconfig | Injection vulnerability in Rconfig 3.9.5 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | 7.5 |
2021-08-09 | CVE-2020-23149 | Rconfig | SQL Injection vulnerability in Rconfig 3.9.5 The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | 7.5 |
2021-08-09 | CVE-2020-23150 | Rconfig | SQL Injection vulnerability in Rconfig 3.9.5 A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | 7.5 |
2021-08-09 | CVE-2021-38311 | Contiki OS | Infinite Loop vulnerability in Contiki-Os Contiki 3.0 In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. | 7.5 |
2021-08-09 | CVE-2015-2073 | SAP | Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | 7.5 |
2021-08-09 | CVE-2015-2074 | SAP | Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | 7.5 |
2021-08-09 | CVE-2021-36798 | Helpsystems | Allocation of Resources Without Limits or Throttling vulnerability in Helpsystems Cobalt Strike 4.2/4.3 A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. | 7.5 |
2021-08-12 | CVE-2021-37655 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.3 |
2021-08-11 | CVE-2021-1108 | Nvidia | Integer Underflow (Wrap or Wraparound) vulnerability in Nvidia Jetson Linux and Shield Experience NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | 7.3 |
2021-08-13 | CVE-2021-36792 | Dated News Project | Unspecified vulnerability in Dated News Project Dated News The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. | 7.2 |
2021-08-12 | CVE-2020-18462 | Aikcms | Unrestricted Upload of File with Dangerous Type vulnerability in Aikcms 2.0 File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | 7.2 |
2021-08-11 | CVE-2021-37626 | Contao | Code Injection vulnerability in Contao Contao is an open source CMS that allows you to create websites and scalable web applications. | 7.2 |
2021-08-11 | CVE-2021-37627 | Contao | Improper Privilege Management vulnerability in Contao Contao is an open source CMS that allows creation of websites and scalable web applications. | 7.2 |
2021-08-11 | CVE-2021-38584 | Cpanel | XXE vulnerability in Cpanel The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | 7.2 |
2021-08-11 | CVE-2021-38585 | Cpanel | Deserialization of Untrusted Data vulnerability in Cpanel The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | 7.2 |
2021-08-11 | CVE-2021-38531 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.2 |
2021-08-11 | CVE-2021-38532 | Netgear | Unspecified vulnerability in Netgear Wac104 Firmware 1.0.4.13 NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. | 7.2 |
2021-08-11 | CVE-2021-38525 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38517 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by out-of-bounds reads and writes. | 7.2 |
2021-08-11 | CVE-2021-38518 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38519 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38520 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38521 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38522 | Netgear | Out-of-bounds Write vulnerability in Netgear R6400 Firmware NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2021-08-11 | CVE-2021-38523 | Netgear | Out-of-bounds Write vulnerability in Netgear R6400 Firmware NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2021-08-10 | CVE-2021-33721 | Siemens | OS Command Injection vulnerability in Siemens Sinec Network Management System 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). | 7.2 |
2021-08-09 | CVE-2021-21585 | Dell | OS Command Injection vulnerability in Dell Openmanage Enterprise 3.5 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. | 7.2 |
2021-08-09 | CVE-2021-24521 | WOW Estore | Unspecified vulnerability in Wow-Estore Side Menu The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. | 7.2 |
2021-08-12 | CVE-2021-37682 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-12 | CVE-2021-37635 | Google | Out-of-bounds Read vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-12 | CVE-2021-37641 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-12 | CVE-2021-37654 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-12 | CVE-2021-37664 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-12 | CVE-2021-37643 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.1 |
2021-08-11 | CVE-2021-1110 | Nvidia | Improper Input Validation vulnerability in Nvidia Jetson Linux NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components. | 7.1 |
2021-08-11 | CVE-2021-0002 | Intel Fedoraproject | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | 7.1 |
2021-08-10 | CVE-2021-22386 | Huawei | Double Free vulnerability in Huawei Emui and Magic UI A component of the Huawei smartphone has a Double Free vulnerability. | 7.0 |
207 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-08-12 | CVE-2020-18454 | Bycms Project | Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0 Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | 6.8 |
2021-08-12 | CVE-2020-18457 | Bycms Project | Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0 Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | 6.8 |
2021-08-13 | CVE-2021-37028 | Huawei | OS Command Injection vulnerability in Huawei Hg8045Q Firmware V300R016C00Spc110/V300R018C10 There is a command injection vulnerability in the HG8045Q product. | 6.7 |
2021-08-11 | CVE-2021-1111 | Nvidia | Out-of-bounds Read vulnerability in Nvidia Jetson Linux Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components. | 6.7 |
2021-08-13 | CVE-2021-37690 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 6.6 |
2021-08-13 | CVE-2020-21066 | Axiosys | Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1.0 An issue was discovered in Bento4 v1.5.1.0. | 6.5 |
2021-08-13 | CVE-2021-27402 | Mitel | Path Traversal vulnerability in Mitel Micollab The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. | 6.5 |
2021-08-13 | CVE-2021-29880 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.4.3 IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. | 6.5 |
2021-08-13 | CVE-2021-32067 | Mitel | Improper Encoding or Escaping of Output vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. | 6.5 |
2021-08-13 | CVE-2021-32072 | Mitel | Improper Encoding or Escaping of Output vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. | 6.5 |
2021-08-12 | CVE-2021-31731 | Kitesky | Path Traversal vulnerability in Kitesky Kitecms 1.1.1 A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | 6.5 |
2021-08-11 | CVE-2021-37696 | Tmerc Cogs Project | Unspecified vulnerability in Tmerc-Cogs Project Tmerc-Cogs tmerc-cogs are a collection of open source plugins for the Red Discord bot. | 6.5 |
2021-08-11 | CVE-2021-37697 | Tmerc Cogs Project | Unspecified vulnerability in Tmerc-Cogs Project Tmerc-Cogs tmerc-cogs are a collection of open source plugins for the Red Discord bot. | 6.5 |
2021-08-11 | CVE-2017-16631 | Sapphireims | Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971 In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. | 6.5 |
2021-08-11 | CVE-2020-21363 | Maccms | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0 An arbitrary file deletion vulnerability exists within Maccms10. | 6.5 |
2021-08-11 | CVE-2020-25562 | Sapphireims | Cross-Site Request Forgery (CSRF) vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, there is no CSRF token present in the entire application. | 6.5 |
2021-08-11 | CVE-2021-3046 | Paloaltonetworks | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. | 6.5 |
2021-08-11 | CVE-2021-0009 | Intel | Out-of-bounds Read vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0 Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2021-08-10 | CVE-2021-29400 | Netexplorer | Cross-Site Request Forgery (CSRF) vulnerability in Netexplorer MY Smtp Contact 1.1.1 A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site. | 6.5 |
2021-08-10 | CVE-2020-21677 | Libsixel Project | Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.4 A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. | 6.5 |
2021-08-10 | CVE-2020-21697 | Ffmpeg Debian | Use After Free vulnerability in multiple products A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted avi file. | 6.5 |
2021-08-10 | CVE-2021-28846 | Trendnet | Use of Externally-Controlled Format String vulnerability in Trendnet products A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. | 6.5 |
2021-08-10 | CVE-2021-21600 | Dell | Unspecified vulnerability in Dell EMC Networker Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. | 6.5 |
2021-08-10 | CVE-2021-38381 | Live555 | Use After Free vulnerability in Live555 Live555 through 1.08 does not handle MPEG-1 or 2 files properly. | 6.5 |
2021-08-10 | CVE-2021-38382 | Live555 | Use After Free vulnerability in Live555 Live555 through 1.08 does not handle Matroska and Ogg files properly. | 6.5 |
2021-08-10 | CVE-2021-33699 | SAP | Unspecified vulnerability in SAP Fiori Client 3.2 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. | 6.5 |
2021-08-10 | CVE-2021-22674 | Advantech | Path Traversal vulnerability in Advantech Webaccess/Scada The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | 6.5 |
2021-08-09 | CVE-2021-21584 | Dell | Information Exposure vulnerability in Dell products Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. | 6.5 |
2021-08-09 | CVE-2021-29714 | IBM | Improper Input Validation vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. | 6.5 |
2021-08-09 | CVE-2021-24467 | Leaflet MAP Project | Unspecified vulnerability in Leaflet MAP Project Leaflet MAP The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. | 6.5 |
2021-08-13 | CVE-2021-3573 | Linux Redhat Fedoraproject | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise triggers a race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). | 6.4 |
2021-08-11 | CVE-2021-1109 | Nvidia | Unspecified vulnerability in Nvidia Jetson Linux NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. | 6.3 |
2021-08-13 | CVE-2021-36790 | Dated News Project | Cross-site Scripting vulnerability in Dated News Project Dated News The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. | 6.1 |
2021-08-13 | CVE-2021-27401 | Mitel | Cross-site Scripting vulnerability in Mitel Micollab The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). | 6.1 |
2021-08-13 | CVE-2021-38619 | Openbaraza | Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6 openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=). | 6.1 |
2021-08-13 | CVE-2021-38583 | Openbaraza | Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6 openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view= and data=). | 6.1 |
2021-08-13 | CVE-2021-37352 | Nagios | Open Redirect vulnerability in Nagios XI An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. | 6.1 |
2021-08-12 | CVE-2021-37700 | Paste Markdown Project | Unspecified vulnerability in Paste-Markdown Project Paste-Markdown @github/paste-markdown is an npm package for pasting markdown objects. | 6.1 |
2021-08-12 | CVE-2020-18445 | Yunucms | Cross-site Scripting vulnerability in Yunucms 1.1.9 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | 6.1 |
2021-08-12 | CVE-2021-38087 | Acronis | Cross-site Scripting vulnerability in Acronis Cyber Protect 15 Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | 6.1 |
2021-08-12 | CVE-2021-37699 | Vercel | Open Redirect vulnerability in Vercel Next.Js Next.js is an open source website development framework to be used with the React library. | 6.1 |
2021-08-11 | CVE-2021-22098 | Cloudfoundry | Open Redirect vulnerability in Cloudfoundry User Account and Authentication UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. | 6.1 |
2021-08-11 | CVE-2021-34640 | Securimage WP Fixed Project | Cross-site Scripting vulnerability in Securimage-Wp-Fixed Project Securimage-Wp-Fixed 3.5.4 The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. | 6.1 |
2021-08-11 | CVE-2021-38538 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 6.1 |
2021-08-10 | CVE-2021-37389 | Chamilo | Cross-site Scripting vulnerability in Chamilo 1.11.14 Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. | 6.1 |
2021-08-10 | CVE-2021-37390 | Chamilo | Cross-site Scripting vulnerability in Chamilo LMS A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). | 6.1 |
2021-08-10 | CVE-2021-32768 | Typo3 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 6.1 |
2021-08-10 | CVE-2021-37365 | Ctparental Project | Cross-site Scripting vulnerability in Ctparental Project Ctparental CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. | 6.1 |
2021-08-10 | CVE-2021-22676 | Advantech | Cross-site Scripting vulnerability in Advantech Webaccess/Scada UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. | 6.1 |
2021-08-10 | CVE-2021-33702 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 6.1 |
2021-08-10 | CVE-2021-33703 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 6.1 |
2021-08-10 | CVE-2021-33707 | SAP | Unspecified vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. | 6.1 |
2021-08-10 | CVE-2021-36601 | GET Simple | Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.3.16 GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. | 6.1 |
2021-08-10 | CVE-2021-31655 | Trendnet | Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.64/1.2.2.65/1.2.2.68 Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. | 6.1 |
2021-08-09 | CVE-2021-37633 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
2021-08-09 | CVE-2021-37634 | Vapor | Cross-site Scripting vulnerability in Vapor Leafkit Leafkit is a templating language with Swift-inspired syntax. | 6.1 |
2021-08-09 | CVE-2018-17861 | SAP | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. | 6.1 |
2021-08-09 | CVE-2018-17862 | SAP | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. | 6.1 |
2021-08-09 | CVE-2018-17865 | SAP | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. | 6.1 |
2021-08-09 | CVE-2021-34660 | Verygoodplugins | Cross-site Scripting vulnerability in Verygoodplugins WP Fusion 3.37.18 The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18. | 6.1 |
2021-08-09 | CVE-2021-37573 | Tiny Java WEB Server Project | Cross-site Scripting vulnerability in Tiny Java web Server Project Tiny Java web Server 1.115 A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. | 6.1 |
2021-08-09 | CVE-2021-24304 | Tagdiv | Unspecified vulnerability in Tagdiv Newsmag The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. | 6.1 |
2021-08-09 | CVE-2021-24495 | Marmoset | Unspecified vulnerability in Marmoset Viewer The Marmoset Viewer WordPress plugin before 1.9.3 does not properly sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. | 6.1 |
2021-08-09 | CVE-2021-24522 | Properfraction | Unspecified vulnerability in Properfraction Profilepress The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. | 6.1 |
2021-08-13 | CVE-2021-31399 | 2N | Improper Certificate Validation vulnerability in 2N Access Unit 2.0 Firmware 2.31.0.40.5 On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. | 5.9 |
2021-08-12 | CVE-2021-38597 | Wolfssl | Insufficient Verification of Data Authenticity vulnerability in Wolfssl wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | 5.9 |
2021-08-11 | CVE-2021-3048 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. | 5.9 |
2021-08-11 | CVE-2021-38543 | TP Link | Unspecified vulnerability in Tp-Link Ue330 Firmware 20210809 TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38544 | Sony | Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38545 | Raspberrypi | Unspecified vulnerability in Raspberrypi products Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38546 | Creative | Unspecified vulnerability in Creative products CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38547 | Logitech | Unspecified vulnerability in Logitech S120 Firmware and Z120 Firmware Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38548 | JBL | Unspecified vulnerability in JBL GO 2 Firmware 20210809 JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-11 | CVE-2021-38549 | Benda | Unspecified vulnerability in Benda Miracase Hmub500 Firmware 20210809 MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
2021-08-10 | CVE-2021-38370 | Alpine Project | Command Injection vulnerability in Alpine Project Alpine In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. | 5.9 |
2021-08-12 | CVE-2021-37668 | Google | Divide By Zero vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37669 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37670 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37672 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37673 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37674 | Google | Improper Validation of Specified Quantity in Input vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37677 | Google | Improper Validation of Specified Quantity in Input vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37683 | Google | Divide By Zero vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37684 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37685 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37687 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37691 | Google | Divide By Zero vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37692 | Google | Unspecified vulnerability in Google Tensorflow 2.5.0/2.5.1/2.5.2 TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37675 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37680 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37686 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37688 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37689 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37644 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37645 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37646 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37661 | Google | Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37637 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37647 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37649 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37636 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37640 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37642 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37653 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-12 | CVE-2021-37660 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 5.5 |
2021-08-11 | CVE-2021-38590 | Cpanel | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). | 5.5 |
2021-08-11 | CVE-2021-1112 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia Jetson Linux NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. | 5.5 |
2021-08-11 | CVE-2021-32437 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.0.1 The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 |
2021-08-11 | CVE-2021-32438 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.0.1 The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 |
2021-08-11 | CVE-2021-32440 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.0.1 The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 |
2021-08-11 | CVE-2021-0003 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19 Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2021-08-11 | CVE-2021-0012 | Intel | Use After Free vulnerability in Intel Graphics Driver and Graphics Drivers Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2021-08-10 | CVE-2020-21675 | Fig2Dev Project Debian | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | 5.5 |
2021-08-10 | CVE-2020-21676 | Fig2Dev Project Debian | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | 5.5 |
2021-08-10 | CVE-2020-21678 | Fig2Dev Project | Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | 5.5 |
2021-08-10 | CVE-2020-21680 | Fig2Dev Project | Out-of-bounds Write vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | 5.5 |
2021-08-10 | CVE-2020-21681 | Fig2Dev Project | Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | 5.5 |
2021-08-10 | CVE-2020-21682 | Fig2Dev Project | Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | 5.5 |
2021-08-10 | CVE-2020-21683 | Fig2Dev Project | Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | 5.5 |
2021-08-10 | CVE-2020-21684 | Fig2Dev Project | Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7B A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | 5.5 |
2021-08-10 | CVE-2020-23171 | NIM Lang | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | 5.5 |
2021-08-10 | CVE-2020-23172 | Kuba Project | Path Traversal vulnerability in Kuba Project Kuba A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | 5.5 |
2021-08-10 | CVE-2021-33717 | Siemens | NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). | 5.5 |
2021-08-10 | CVE-2021-37178 | Siemens | XXE vulnerability in Siemens Solid Edge Se2021 Firmware A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). | 5.5 |
2021-08-09 | CVE-2021-34335 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37615 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2015-7731 | SAP | Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 5.5 |
2021-08-09 | CVE-2021-37616 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37618 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37619 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37620 | Exiv2 Fedoraproject Debian | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37621 | Exiv2 Fedoraproject Debian | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37622 | Exiv2 Fedoraproject Debian | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-32815 | Exiv2 Fedoraproject Debian | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-34334 | Exiv2 Fedoraproject Debian | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-09 | CVE-2021-37623 | Exiv2 Fedoraproject | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-08-15 | CVE-2021-38699 | Tastyigniter | Cross-site Scripting vulnerability in Tastyigniter 3.0.7 TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs. | 5.4 |
2021-08-13 | CVE-2021-36785 | Miniorange | Cross-site Scripting vulnerability in Miniorange Saml The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. | 5.4 |
2021-08-13 | CVE-2021-36787 | In2Code | Cross-site Scripting vulnerability in In2Code Femanager The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. | 5.4 |
2021-08-13 | CVE-2021-36788 | Yoast | Cross-site Scripting vulnerability in Yoast SEO 7.2.0/7.2.1 The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. | 5.4 |
2021-08-13 | CVE-2021-32070 | Mitel | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitel Micollab The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. | 5.4 |
2021-08-13 | CVE-2021-37695 | Ckeditor Debian Fedoraproject Oracle | ckeditor is an open source WYSIWYG HTML editor with rich content support. | 5.4 |
2021-08-12 | CVE-2020-20988 | Domainmod | Cross-site Scripting vulnerability in Domainmod 4.13.0 A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter. | 5.4 |
2021-08-12 | CVE-2020-20990 | Domainmod | Cross-site Scripting vulnerability in Domainmod 4.13.0 A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | 5.4 |
2021-08-12 | CVE-2020-18449 | Ukcms | Cross-site Scripting vulnerability in Ukcms 1.1.10 Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php | 5.4 |
2021-08-12 | CVE-2021-32808 | Ckeditor Fedoraproject Oracle | ckeditor is an open source WYSIWYG HTML editor with rich content support. | 5.4 |
2021-08-12 | CVE-2021-32809 | Ckeditor Fedoraproject Oracle | Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. | 5.4 |
2021-08-12 | CVE-2020-20977 | Ukcms | Cross-site Scripting vulnerability in Ukcms 1.1.10 A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. | 5.4 |
2021-08-12 | CVE-2021-27791 | Broadcom | Out-of-bounds Read vulnerability in Broadcom Fabric Operating System The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. | 5.4 |
2021-08-11 | CVE-2020-21362 | Maccms | Cross-site Scripting vulnerability in Maccms 10.0 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | 5.4 |
2021-08-11 | CVE-2021-38533 | Netgear | Cross-site Scripting vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. | 5.4 |
2021-08-10 | CVE-2020-21929 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 5.4 |
2021-08-10 | CVE-2020-21930 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 5.4 |
2021-08-10 | CVE-2021-37391 | Chamilo | Cross-site Scripting vulnerability in Chamilo LMS A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability in the social network's send invitation feature. | 5.4 |
2021-08-10 | CVE-2021-37152 | Sonatype | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. | 5.4 |
2021-08-09 | CVE-2013-4718 | Otrs | Cross-site Scripting vulnerability in Otrs and Otrs Itsm Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | 5.4 |
2021-08-09 | CVE-2021-37788 | Gurock | Improper Restriction of Rendered UI Layers or Frames vulnerability in Gurock Testrail 5.3.0.3603 A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 5.4 |
2021-08-09 | CVE-2021-24505 | Madeit | Unspecified vulnerability in Madeit Forms The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. | 5.4 |
2021-08-09 | CVE-2021-24509 | A3Rev | Unspecified vulnerability in A3Rev Page View Count The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. | 5.4 |
2021-08-09 | CVE-2021-37211 | Larvata | Cross-site Scripting vulnerability in Larvata Flygo 1.90.5 The bulletin function of Flygo does not filter special characters while a new announcement is added. | 5.4 |
2021-08-09 | CVE-2021-37212 | Larvata | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 5.4 |
2021-08-15 | CVE-2021-37326 | Netsarang | Information Exposure vulnerability in Netsarang Xshell 7 NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | 5.3 |
2021-08-13 | CVE-2021-36791 | Dated News Project | Unspecified vulnerability in Dated News Project Dated News The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | 5.3 |
2021-08-13 | CVE-2021-38554 | Hashicorp | Improper Cross-boundary Removal of Sensitive Data vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. | 5.3 |
2021-08-13 | CVE-2021-37351 | Nagios | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | 5.3 |
2021-08-12 | CVE-2021-27793 | Broadcom | Incorrect Authorization vulnerability in Broadcom Fabric Operating System Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. | 5.3 |
2021-08-10 | CVE-2021-3692 | Yiiframework | Use of Insufficiently Random Values vulnerability in Yiiframework YII yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 |
2021-08-10 | CVE-2021-38373 | KDE | Cleartext Transmission of Sensitive Information vulnerability in KDE Kmail 19.12.3 In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | 5.3 |
2021-08-10 | CVE-2020-28397 | Siemens | Incorrect Authorization vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 5.3 |
2021-08-09 | CVE-2021-20349 | IBM | Out-of-bounds Write vulnerability in IBM Tivoli Workload Scheduler 9.4/9.5 IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 5.3 |
2021-08-13 | CVE-2021-37586 | Mitel | Improper Input Validation vulnerability in Mitel Interaction Recording 6.6 The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. | 4.9 |
2021-08-11 | CVE-2021-3045 | Paloaltonetworks | Argument Injection or Modification vulnerability in Paloaltonetworks Pan-Os An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. | 4.9 |
2021-08-11 | CVE-2021-38524 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 4.9 |
2021-08-10 | CVE-2021-29739 | IBM | Unchecked Return Value vulnerability in IBM Planning Analytics Local 2.0.0 IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | 4.9 |
2021-08-13 | CVE-2021-32069 | Mitel | Improper Certificate Validation vulnerability in Mitel Micollab The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. | 4.8 |
2021-08-12 | CVE-2021-38602 | Pluxml | Cross-site Scripting vulnerability in Pluxml 5.8.7 PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. | 4.8 |
2021-08-12 | CVE-2021-38603 | Pluxml | Cross-site Scripting vulnerability in Pluxml 5.8.7 PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. | 4.8 |
2021-08-12 | CVE-2020-18451 | Damicms | Cross-site Scripting vulnerability in Damicms 6.0.6 Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | 4.8 |
2021-08-12 | CVE-2020-18455 | Bycms Project | Cross-site Scripting vulnerability in Bycms Project Bycms 1.3.0 Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. | 4.8 |
2021-08-12 | CVE-2020-18456 | Pbootcms | Cross-site Scripting vulnerability in Pbootcms 1.3.7 Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | 4.8 |
2021-08-12 | CVE-2020-18446 | Yunucms | Cross-site Scripting vulnerability in Yunucms 1.1.9 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | 4.8 |
2021-08-12 | CVE-2021-35955 | Contao | Cross-site Scripting vulnerability in Contao Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. | 4.8 |
2021-08-11 | CVE-2021-38534 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38535 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38536 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38537 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-09 | CVE-2021-24502 | Flippercode | Unspecified vulnerability in Flippercode WP Google MAP 1.1.0/1.2.0 The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting it in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed. | 4.8 |
2021-08-11 | CVE-2021-1113 | Nvidia | Unspecified vulnerability in Nvidia Jetson Linux NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients. | 4.7 |
2021-08-09 | CVE-2021-34661 | Verygoodplugins | Cross-Site Request Forgery (CSRF) vulnerability in Verygoodplugins WP Fusion 3.37.18 The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | 4.7 |
2021-08-13 | CVE-2021-38553 | Hashicorp | Improper Preservation of Permissions vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. | 4.4 |
2021-08-13 | CVE-2021-3635 | Linux Redhat Fedoraproject | A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. | 4.4 |
2021-08-11 | CVE-2021-38586 | Cpanel | Unspecified vulnerability in Cpanel In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). | 4.4 |
2021-08-11 | CVE-2021-1114 | Nvidia | Use After Free vulnerability in Nvidia Jetson Linux NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. | 4.4 |
2021-08-11 | CVE-2021-0004 | Intel Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2021-08-11 | CVE-2021-0005 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0 Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2021-08-11 | CVE-2021-0006 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2021-08-11 | CVE-2021-0007 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11 Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access. | 4.4 |
2021-08-11 | CVE-2021-0008 | Intel | Resource Exhaustion vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0 Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2021-08-11 | CVE-2021-0083 | Intel | Improper Input Validation vulnerability in Intel Optane Persistent Memory Firmware 1.2.0.5446 Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2021-08-13 | CVE-2021-37703 | Discourse | Unspecified vulnerability in Discourse Discourse is an open-source platform for community discussion. | 4.3 |
2021-08-12 | CVE-2020-20989 | Domainmod | Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.13.0 A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | 4.3 |
2021-08-12 | CVE-2021-37704 | Phpfastcache | Exposure of Resource to Wrong Sphere vulnerability in PHPfastcache PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). | 4.3 |
2021-08-11 | CVE-2021-20420 | IBM | Unspecified vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. | 4.3 |
2021-08-10 | CVE-2021-33706 | SAP | Improper Input Validation vulnerability in SAP Infrabox Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | 4.3 |
2021-08-09 | CVE-2021-25954 | Dolibarr | Incorrect Authorization vulnerability in Dolibarr The “Dolibarr” application, versions 2.8.1 to 13.0.4, does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 4.3 |
2021-08-09 | CVE-2021-37213 | Larvata | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
2021-08-09 | CVE-2021-37215 | Larvata | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
16 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-08-10 | CVE-2021-21597 | Dell | Unspecified vulnerability in Dell Wyse Thinos 9.0/9.1 Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. | 3.9 |
2021-08-10 | CVE-2021-21598 | Dell | Unspecified vulnerability in Dell Wyse Thinos 9.0/9.1 Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. | 3.9 |
2021-08-10 | CVE-2020-25082 | Nuvoton | Information Exposure Through Discrepancy vulnerability in Nuvoton Npct75X Firmware An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. | 3.8 |
2021-08-14 | CVE-2020-36473 | Ucweb | Cleartext Storage of Sensitive Information vulnerability in Ucweb UC UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. | 3.7 |
2021-08-13 | CVE-2021-32068 | Mitel | Allocation of Resources Without Limits or Throttling vulnerability in Mitel Micollab The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. | 3.7 |
2021-08-10 | CVE-2021-38372 | KDE | Command Injection vulnerability in KDE Trojita 0.7 In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. | 3.7 |
2021-08-10 | CVE-2021-38365 | Tonewinner | Unspecified vulnerability in Tonewinner Winner Desktop Speakers Firmware 20210809 Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 3.7 |
2021-08-12 | CVE-2020-18464 | Aikcms | Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0 Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | 3.5 |
2021-08-11 | CVE-2021-33594 | F Secure | Unspecified vulnerability in F-Secure Safe 17.9 An address bar spoofing vulnerability was discovered in Safe Browser for Android. | 3.5 |
2021-08-11 | CVE-2021-33595 | F Secure | Unspecified vulnerability in F-Secure Safe An address bar spoofing vulnerability was discovered in Safe Browser for iOS. | 3.5 |
2021-08-12 | CVE-2021-38591 | | Unspecified vulnerability in Google Android 10.0/9.0 An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. | 3.3 |
2021-08-10 | CVE-2021-33738 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). | 3.3 |
2021-08-11 | CVE-2021-3047 | Paloaltonetworks | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Paloaltonetworks Pan-Os A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. | 3.1 |
2021-08-11 | CVE-2021-38514 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 2.7 |
2021-08-12 | CVE-2020-18463 | Aikcms | Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0 Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | 2.4 |
2021-08-09 | CVE-2021-21740 | ZTE | Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. | 2.4 |