Weekly Vulnerabilities Reports > August 9 to 15, 2021

Overview

411 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 50 high severity vulnerabilities. This weekly summary report vulnerabilities in 400 products from 145 vendors including Google, Microsoft, Fedoraproject, Foxitsoftware, and SAP. Vulnerabilities are notably categorized as "Cross-site Scripting", "NULL Pointer Dereference", "Out-of-bounds Write", "Out-of-bounds Read", and "SQL Injection".

  • 294 reported vulnerabilities are remotely exploitables.
  • 112 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 343 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 45 reported vulnerabilities.
  • Netgear has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-13 CVE-2020-18758 Dcce Command Injection vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.

10.0
2021-08-13 CVE-2021-36380 Sunhillo OS Command Injection vulnerability in Sunhillo Sureline

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

10.0
2021-08-12 CVE-2021-31698 Quectel OS Command Injection vulnerability in Quectel Eg25-G Firmware

Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.

10.0
2021-08-11 CVE-2021-38528 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

10.0
2021-08-11 CVE-2021-38513 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

10.0
2021-08-11 CVE-2021-38516 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by lack of access control at the function level.

10.0
2021-08-12 CVE-2021-36958 Microsoft Unspecified vulnerability in Microsoft Windows

Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.

9.3
2021-08-12 CVE-2021-36982 Monitorapp Improper Input Validation vulnerability in Monitorapp Application Insight Manager

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.

9.3
2021-08-09 CVE-2021-38305 23Andme Unrestricted Upload of File with Dangerous Type vulnerability in 23Andme Yamale

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file.

9.3
2021-08-09 CVE-2014-9320 SAP Improper Authentication vulnerability in SAP Businessobjects Edge 4.1

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.

9.3
2021-08-09 CVE-2021-33256 Zohocorp Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1

** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user.

9.3
2021-08-10 CVE-2021-33721 Siemens OS Command Injection vulnerability in Siemens Sinec Network Management System 1.0

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2).

9.0
2021-08-09 CVE-2021-21585 Dell OS Command Injection vulnerability in Dell Openmanage Enterprise

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools.

9.0

50 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-13 CVE-2020-18757 Dcce Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.

7.8
2021-08-13 CVE-2021-21829 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7.

7.5
2021-08-13 CVE-2021-21830 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7.

7.5
2021-08-13 CVE-2020-18753 Dcce Missing Authorization vulnerability in Dcce Mac1100 PLC Firmware

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.

7.5
2021-08-13 CVE-2021-38302 Newsletter Project SQL Injection vulnerability in Newsletter Project Newsletter

The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.

7.5
2021-08-13 CVE-2021-1104 Risc V Use of Uninitialized Resource vulnerability in Risc-V Instruction SET Manual

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

7.5
2021-08-13 CVE-2021-32071 Mitel Unspecified vulnerability in Mitel Micollab

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control.

7.5
2021-08-13 CVE-2021-37344 Nagios OS Command Injection vulnerability in Nagios XI Switch Wizard

Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

7.5
2021-08-13 CVE-2021-37346 Nagios OS Command Injection vulnerability in Nagios XI Watchguard Wizard

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).

7.5
2021-08-13 CVE-2021-37350 Nagios SQL Injection vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.

7.5
2021-08-13 CVE-2021-37353 Nagios Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.

7.5
2021-08-12 CVE-2020-36363 Amazon Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019

Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.

7.5
2021-08-12 CVE-2021-28121 Virtual Robots TXT Project Unspecified vulnerability in Virtual Robots.Txt Project Virtual Robots.Txt

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.

7.5
2021-08-12 CVE-2021-28890 J2Eefast SQL Injection vulnerability in J2Eefast 2.2.1

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.

7.5
2021-08-12 CVE-2021-29377 Pearadmin Unrestricted Upload of File with Dangerous Type vulnerability in Pearadmin Think

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely.

7.5
2021-08-12 CVE-2021-31556 Mediawiki
Fedoraproject
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.

7.5
2021-08-12 CVE-2021-33199 Expressionengine Improper Input Validation vulnerability in Expressionengine

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.

7.5
2021-08-12 CVE-2021-37599 Nuance SQL Injection vulnerability in Nuance Winscribe Dictation 4.1.0.99

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

7.5
2021-08-12 CVE-2021-26432 Microsoft Unspecified vulnerability in Microsoft products

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability

7.5
2021-08-12 CVE-2021-38606 Rengine Project Use of Insufficiently Random Values vulnerability in Rengine Project Rengine

reNgine through 0.5 relies on a predictable directory name.

7.5
2021-08-12 CVE-2020-20979 8Cms Unrestricted Upload of File with Dangerous Type vulnerability in 8Cms Ljcms 4.3.

An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.

7.5
2021-08-12 CVE-2021-20314 Libspf2
Redhat
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

7.5
2021-08-11 CVE-2021-38563 Foxitsoftware
Foxit
Improper Validation of Array Index vulnerability in multiple products

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

7.5
2021-08-11 CVE-2021-38568 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.5
2021-08-11 CVE-2021-38572 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.5
2021-08-11 CVE-2021-38573 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.5
2021-08-11 CVE-2021-38574 Foxitsoftware SQL Injection vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

7.5
2021-08-11 CVE-2020-21359 Maccms Unrestricted Upload of File with Dangerous Type vulnerability in Maccms 10.0

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.

7.5
2021-08-11 CVE-2020-25560 Sapphireims OS Command Injection vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal.

7.5
2021-08-11 CVE-2020-25563 Sapphireims Missing Authentication for Critical Function vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.

7.5
2021-08-11 CVE-2020-25565 Sapphireims Use of Hard-coded Credentials vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal.

7.5
2021-08-11 CVE-2020-25566 Sapphireims Missing Authentication for Critical Function vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC.

7.5
2021-08-11 CVE-2021-33793 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

7.5
2021-08-11 CVE-2021-23421 Merge Change Project Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Merge-Change Project Merge-Change

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

7.5
2021-08-11 CVE-2021-38529 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

7.5
2021-08-10 CVE-2021-38140 SET User Project Improper Privilege Management vulnerability in SET User Project SET User

The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().

7.5
2021-08-10 CVE-2021-38383 Owntone Project Use After Free vulnerability in Owntone Project Owntone

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.

7.5
2021-08-10 CVE-2021-38384 Serverless Offline Project Improper Handling of Exceptional Conditions vulnerability in Serverless Offline Project Serverless Offline 8.0.0

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

7.5
2021-08-10 CVE-2021-32943 Advantech Out-of-bounds Write vulnerability in Advantech Webaccess/Scada

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

7.5
2021-08-09 CVE-2020-23151 Rconfig OS Command Injection vulnerability in Rconfig 3.9.5

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.

7.5
2021-08-09 CVE-2021-21564 Dell Improper Authentication vulnerability in Dell Openmanage Enterprise

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability.

7.5
2021-08-09 CVE-2021-22910 Rocket Chat Injection vulnerability in Rocket.Chat

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

7.5
2021-08-09 CVE-2021-24499 Amentotech Unrestricted Upload of File with Dangerous Type vulnerability in Amentotech Workreap

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way.

7.5
2021-08-09 CVE-2021-24507 Brainstormforce SQL Injection vulnerability in Brainstormforce Astra

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

7.5
2021-08-13 CVE-2021-34398 Nvidia Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

7.2
2021-08-12 CVE-2021-27790 Broadcom Out-of-bounds Write vulnerability in Broadcom Fabric Operating System

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input.

7.2
2021-08-12 CVE-2021-27792 Broadcom Unspecified vulnerability in Broadcom Fabric Operating System

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.

7.2
2021-08-11 CVE-2021-38085 Canon Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue.

7.2
2021-08-10 CVE-2021-22385 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Magic UI

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability.

7.2
2021-08-09 CVE-2021-36277 Dell Improper Verification of Cryptographic Signature vulnerability in Dell Command | Update and Update/Alienware Update

Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contains a Improper Certificate Verification vulnerability.

7.2

267 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-13 CVE-2021-37028 Huawei OS Command Injection vulnerability in Huawei Hg8045Q Firmware V300R016C00Spc110/V300R018C10

There is a command injection vulnerability in the HG8045Q product.

6.9
2021-08-13 CVE-2021-3573 Linux
Redhat
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info().

6.9
2021-08-10 CVE-2021-22386 Huawei Double Free vulnerability in Huawei Emui and Magic UI

A component of the Huawei smartphone has a Double Free vulnerability.

6.9
2021-08-13 CVE-2021-37705 Microsoft Improper Authorization vulnerability in Microsoft Onefuzz

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform.

6.8
2021-08-12 CVE-2020-22403 Express Cart Project Cross-Site Request Forgery (CSRF) vulnerability in Express-Cart Project Express-Cart

The express-cart package through 1.1.10 for Node.js allows CSRF.

6.8
2021-08-12 CVE-2021-38366 Sitecore Unrestricted Upload of File with Dangerous Type vulnerability in Sitecore

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.

6.8
2021-08-12 CVE-2020-18460 711Cms Cross-Site Request Forgery (CSRF) vulnerability in 711Cms 1.0.7

Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.

6.8
2021-08-12 CVE-2021-34478 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Office Remote Code Execution Vulnerability

6.8
2021-08-12 CVE-2021-34480 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Scripting Engine Memory Corruption Vulnerability

6.8
2021-08-12 CVE-2021-34530 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability

6.8
2021-08-12 CVE-2021-34533 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Font Parsing Remote Code Execution Vulnerability

6.8
2021-08-12 CVE-2021-34535 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Client Remote Code Execution Vulnerability

6.8
2021-08-11 CVE-2021-36770 P5 Encode Project
Fedoraproject
Uncontrolled Search Path Element vulnerability in multiple products

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading.

6.8
2021-08-11 CVE-2021-32439 Gpac Classic Buffer Overflow vulnerability in Gpac 1.0.1

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

6.8
2021-08-11 CVE-2021-37694 Asyncapi Code Injection vulnerability in Asyncapi Java-Spring-Cloud-Stream-Template

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice.

6.8
2021-08-11 CVE-2020-28589 Tinyobjloader Project Improper Validation of Array Index vulnerability in Tinyobjloader Project Tinyobjloader 2.0

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421.

6.8
2021-08-11 CVE-2021-32931 Fatek Access of Uninitialized Pointer vulnerability in Fatek Fvdesigner

An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

6.8
2021-08-11 CVE-2021-32939 Fatek Out-of-bounds Write vulnerability in Fatek Fvdesigner

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.

6.8
2021-08-11 CVE-2021-32947 Fatek Stack-based Buffer Overflow vulnerability in Fatek Fvdesigner

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

6.8
2021-08-10 CVE-2020-21688 Ffmpeg
Debian
Use After Free vulnerability in multiple products

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

6.8
2021-08-10 CVE-2021-37366 Ctparental Project Cross-Site Request Forgery (CSRF) vulnerability in Ctparental Project Ctparental

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel.

6.8
2021-08-10 CVE-2021-37179 Siemens Use After Free vulnerability in Siemens Solid Edge Se2021 Firmware

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7).

6.8
2021-08-10 CVE-2021-37180 Siemens Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2021 Firmware

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7).

6.8
2021-08-09 CVE-2020-24741 QT Unspecified vulnerability in QT 5.13.1/5.14.0

An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

6.8
2021-08-09 CVE-2020-24742 QT Unspecified vulnerability in QT

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

6.8
2021-08-09 CVE-2021-32797 Jupyter Cross-site Scripting vulnerability in Jupyter Jupyterlab

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook.

6.8
2021-08-09 CVE-2021-32798 Jupyter Cross-site Scripting vulnerability in Jupyter Notebook

The Jupyter notebook is a web-based notebook environment for interactive computing.

6.8
2021-08-09 CVE-2021-38290 Thedaylightstudio Injection vulnerability in Thedaylightstudio Fuel CMS

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.

6.8
2021-08-11 CVE-2021-1110 Nvidia Improper Input Validation vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.

6.6
2021-08-13 CVE-2021-37343 Nagios Path Traversal vulnerability in Nagios XI

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

6.5
2021-08-12 CVE-2020-18462 Aikcms Unrestricted Upload of File with Dangerous Type vulnerability in Aikcms 2.0

File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.

6.5
2021-08-12 CVE-2021-34524 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1

Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

6.5
2021-08-12 CVE-2021-36921 Monitorapp Improper Authentication vulnerability in Monitorapp Application Insight Manager

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication.

6.5
2021-08-11 CVE-2017-16630 Sapphireims Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

6.5
2021-08-11 CVE-2020-25564 Sapphireims Incorrect Authorization vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.

6.5
2021-08-11 CVE-2021-38539 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by privilege escalation.

6.5
2021-08-11 CVE-2021-38518 Netgear Command Injection vulnerability in Netgear Rbk852 Firmware, Rbr850 Firmware and Rbs850 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2021-08-11 CVE-2021-38520 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2021-08-11 CVE-2021-38521 Netgear Command Injection vulnerability in Netgear R7900P Firmware and R8000P Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2021-08-10 CVE-2021-33708 Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.
6.5
2021-08-09 CVE-2013-4717 Otrs SQL Injection vulnerability in Otrs

Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.

6.5
2021-08-09 CVE-2021-24520 Coderstimes SQL Injection vulnerability in Coderstimes OUT of Stock Message for Woocommerce

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks.

6.5
2021-08-09 CVE-2021-24521 WOW Estore SQL Injection vulnerability in Wow-Estore Side Menu

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement.

6.5
2021-08-09 CVE-2021-37214 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

6.5
2021-08-13 CVE-2021-34823 On24 XXE vulnerability in On24 Screenshare

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server.

6.4
2021-08-13 CVE-2021-27402 Mitel Path Traversal vulnerability in Mitel Micollab

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.

6.4
2021-08-13 CVE-2021-32067 Mitel Improper Encoding or Escaping of Output vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.

6.4
2021-08-13 CVE-2021-3352 Mitel Unspecified vulnerability in Mitel Micontact Center Business

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.

6.4
2021-08-13 CVE-2021-38621 Netless Unspecified vulnerability in Netless Flat Server

The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.

6.4
2021-08-13 CVE-2021-27741 Hcltechsw XXE vulnerability in Hcltechsw HCL Commerce

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"

6.4
2021-08-11 CVE-2021-38564 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

6.4
2021-08-11 CVE-2021-38570 Foxitsoftware Link Following vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

6.4
2021-08-11 CVE-2021-33794 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

6.4
2021-08-10 CVE-2021-37425 Altova XXE vulnerability in Altova Mobiletogether Server 7.3

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.

6.4
2021-08-12 CVE-2020-18458 Damicms Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.6

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.

6.0
2021-08-12 CVE-2020-18454 Bycms Project Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.

6.0
2021-08-12 CVE-2020-18457 Bycms Project Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0

Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.

6.0
2021-08-13 CVE-2021-32069 Mitel Improper Certificate Validation vulnerability in Mitel Micollab

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation.

5.8
2021-08-13 CVE-2021-32070 Mitel Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response.

5.8
2021-08-13 CVE-2021-37352 Nagios Open Redirect vulnerability in Nagios XI

An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing.

5.8
2021-08-10 CVE-2021-33707 SAP Open Redirect vulnerability in SAP Netweaver Knowledge Management

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.

5.8
2021-08-09 CVE-2021-21596 Dell Improper Privilege Management vulnerability in Dell products

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability.

5.8
2021-08-09 CVE-2021-24500 Amentotech Missing Authorization vulnerability in Amentotech Workreap

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated.

5.8
2021-08-12 CVE-2021-31731 Kitesky Path Traversal vulnerability in Kitesky Kitecms 1.1.1

A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.

5.5
2021-08-12 CVE-2021-27791 Broadcom Out-of-bounds Read vulnerability in Broadcom Fabric Operating System

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.

5.5
2021-08-11 CVE-2020-21363 Maccms Externally Controlled Reference to a Resource in Another Sphere vulnerability in Maccms 10.0

An arbitrary file deletion vulnerability exists within Maccms10.

5.5
2021-08-09 CVE-2021-24501 Amentotech Missing Authorization vulnerability in Amentotech Workreap

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects.

5.5
2021-08-09 CVE-2021-37212 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

5.5
2021-08-11 CVE-2021-1113 Nvidia Unspecified vulnerability in Nvidia Jetson Linux

NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.

5.4
2021-08-12 CVE-2021-34534 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability

5.1
2021-08-15 CVE-2021-37326 Netsarang Information Exposure vulnerability in Netsarang Xshell 7

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.

5.0
2021-08-13 CVE-2020-18754 PLC Mac1100 Project Exposure of Resource to Wrong Sphere vulnerability in PLC Mac1100 Project PLC Mac1100 Firmware

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

5.0
2021-08-13 CVE-2020-18756 Dcce Out-of-bounds Read vulnerability in Dcce Mac1100 PLC Firmware

An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.

5.0
2021-08-13 CVE-2020-18759 Dcce Cleartext Storage of Sensitive Information vulnerability in Dcce Mac1100 PLC Firmware

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.

5.0
2021-08-13 CVE-2021-36786 Miniorange Insecure Storage of Sensitive Information vulnerability in Miniorange Saml

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.

5.0
2021-08-13 CVE-2021-36791 Dated News Project Unspecified vulnerability in Dated News Project Dated News

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.

5.0
2021-08-13 CVE-2021-36793 Routes Project Information Exposure vulnerability in Routes Project Routes

The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.

5.0
2021-08-13 CVE-2021-38623 Deferred Image Processing Project Improper Resource Shutdown or Release vulnerability in Deferred Image Processing Project Deferred Image Processing

The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.

5.0
2021-08-13 CVE-2021-37693 Discourse Insufficient Session Expiration vulnerability in Discourse

Discourse is an open-source platform for community discussion.

5.0
2021-08-13 CVE-2021-37348 Nagios Files or Directories Accessible to External Parties vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

5.0
2021-08-13 CVE-2021-37351 Nagios Incorrect Default Permissions vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

5.0
2021-08-12 CVE-2021-38614 Polipo Project Out-of-bounds Write vulnerability in Polipo Project Polipo

** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header.

5.0
2021-08-12 CVE-2021-33056 Linphone HTTP Request Smuggling vulnerability in Linphone Belle-Sip

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.

5.0
2021-08-12 CVE-2021-26433 Microsoft Unspecified vulnerability in Microsoft products

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36926, CVE-2021-36932, CVE-2021-36933.

5.0
2021-08-12 CVE-2021-36942 Microsoft Authentication Bypass by Spoofing vulnerability in Microsoft products

Windows LSA Spoofing Vulnerability

5.0
2021-08-12 CVE-2021-38291 Ffmpeg
Debian
Reachable Assertion vulnerability in multiple products

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

5.0
2021-08-12 CVE-2021-38599 WAL G Project Improper Check for Unusual or Exceptional Conditions vulnerability in Wal-G Project Wal-G

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups.

5.0
2021-08-12 CVE-2021-38604 GNU
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference.

5.0
2021-08-12 CVE-2020-20981 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.

5.0
2021-08-12 CVE-2021-27793 Broadcom Incorrect Authorization vulnerability in Broadcom Fabric Operating System

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

5.0
2021-08-12 CVE-2021-38593 QT
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

5.0
2021-08-11 CVE-2021-38587 Cpanel Race Condition vulnerability in Cpanel

In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).

5.0
2021-08-11 CVE-2021-38565 Foxitsoftware Unspecified vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

5.0
2021-08-11 CVE-2021-38566 Foxitsoftware Uncontrolled Recursion vulnerability in Foxitsoftware PDF Editor and PDF Reader

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1.

5.0
2021-08-11 CVE-2021-38567 Foxitsoftware
Foxit
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS.
5.0
2021-08-11 CVE-2021-38569 Foxitsoftware Uncontrolled Recursion vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

5.0
2021-08-11 CVE-2017-16629 Sapphireims Information Exposure Through an Error Message vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form.

5.0
2021-08-11 CVE-2017-16632 Sapphireims Inadequate Encryption Strength vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

5.0
2021-08-11 CVE-2021-38526 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.
5.0
2021-08-11 CVE-2021-38515 Netgear Unspecified vulnerability in Netgear R6400 Firmware, R6700 Firmware and R8000 Firmware

Certain NETGEAR devices are affected by denial of service.

5.0
2021-08-10 CVE-2021-38511 TAR Project Path Traversal vulnerability in TAR Project TAR

An issue was discovered in the tar crate before 0.4.36 for Rust.

5.0
2021-08-10 CVE-2021-38512 Actix
Fedoraproject
HTTP Request Smuggling vulnerability in multiple products

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust.

5.0
2021-08-10 CVE-2021-38490 Altova XML Entity Expansion vulnerability in Altova Mobiletogether Server 7.3

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.

5.0
2021-08-10 CVE-2021-28845 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.

5.0
2021-08-10 CVE-2021-29294 Dlink NULL Pointer Dereference vulnerability in Dlink Dsl-2740R Firmware Uk1.01

** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function.

5.0
2021-08-10 CVE-2021-29295 Dlink NULL Pointer Dereference vulnerability in Dlink Dsp-W215 Firmware 1.10

** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd.

5.0
2021-08-10 CVE-2021-29296 Dlink NULL Pointer Dereference vulnerability in Dlink Dir-825 Firmware 2.10B02

** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service.

5.0
2021-08-10 CVE-2021-28841 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key.

5.0
2021-08-10 CVE-2021-28842 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key.

5.0
2021-08-10 CVE-2021-28843 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.

5.0
2021-08-10 CVE-2021-28844 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.

5.0
2021-08-10 CVE-2021-38386 Contiki OS Classic Buffer Overflow vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

5.0
2021-08-10 CVE-2021-38387 Contiki OS Infinite Loop vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

5.0
2021-08-10 CVE-2021-28838 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary.

5.0
2021-08-10 CVE-2021-28839 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary.

5.0
2021-08-10 CVE-2021-28840 Dlink NULL Pointer Dereference vulnerability in Dlink products

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary.

5.0
2021-08-10 CVE-2021-38380 Live555 Out-of-bounds Read vulnerability in Live555

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read.

5.0
2021-08-10 CVE-2021-3692 Yiiframework Use of Insufficiently Random Values vulnerability in Yiiframework YII

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

5.0
2021-08-10 CVE-2020-28397 Siemens Incorrect Authorization vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

5.0
2021-08-10 CVE-2021-25659 Siemens Resource Exhaustion vulnerability in Siemens Automation License Manager

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2).

5.0
2021-08-10 CVE-2021-37172 Siemens Improper Authentication vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl.

5.0
2021-08-10 CVE-2021-3689 Yiiframework Use of Insufficiently Random Values vulnerability in Yiiframework YII

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

5.0
2021-08-10 CVE-2021-21501 Apache Path Traversal vulnerability in Apache Servicecomb

Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.

5.0
2021-08-09 CVE-2020-23148 Rconfig Injection vulnerability in Rconfig 3.9.5

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.

5.0
2021-08-09 CVE-2020-23149 Rconfig SQL Injection vulnerability in Rconfig 3.9.5

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.

5.0
2021-08-09 CVE-2020-23150 Rconfig SQL Injection vulnerability in Rconfig 3.9.5

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.

5.0
2021-08-09 CVE-2015-2073 SAP Path Traversal vulnerability in SAP Businessobjects Edge 4.0

The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.

5.0
2021-08-09 CVE-2015-2074 SAP Path Traversal vulnerability in SAP Businessobjects Edge 4.0

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

5.0
2021-08-09 CVE-2021-36798 Helpsystems Allocation of Resources Without Limits or Throttling vulnerability in Helpsystems Cobalt Strike 4.2/4.3

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3.

5.0
2021-08-13 CVE-2021-3635 Linux
Redhat
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7.

4.9
2021-08-11 CVE-2021-1112 Nvidia NULL Pointer Dereference vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.

4.9
2021-08-11 CVE-2021-1114 Nvidia Use After Free vulnerability in Nvidia Jetson Linux

NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.

4.9
2021-08-13 CVE-2021-21812 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7.

4.6
2021-08-13 CVE-2021-21813 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line.

4.6
2021-08-13 CVE-2021-21814 ATT Argument Injection or Modification vulnerability in ATT Xmill 0.7

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line.

4.6
2021-08-13 CVE-2021-21815 ATT Out-of-bounds Write vulnerability in ATT Xmill 0.7

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7.

4.6
2021-08-13 CVE-2021-37345 Nagios Improper Privilege Management vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

4.6
2021-08-13 CVE-2021-37347 Nagios Path Traversal vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

4.6
2021-08-13 CVE-2021-37349 Nagios Unspecified vulnerability in Nagios XI

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

4.6
2021-08-12 CVE-2021-37648 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37652 Google Use After Free vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37666 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37667 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37671 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37676 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37681 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37650 Google Out-of-bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37651 Google Out-of-bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37655 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37656 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37657 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37658 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37659 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37662 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37638 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-37639 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-08-12 CVE-2021-26425 Microsoft Link Following vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34486, CVE-2021-34487.

4.6
2021-08-12 CVE-2021-26426 Microsoft Link Following vulnerability in Microsoft products

Windows User Account Profile Picture Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-26429 Microsoft Unspecified vulnerability in Microsoft Azure Sphere

Azure Sphere Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-26431 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-33762 Microsoft Unspecified vulnerability in Microsoft Azure Cyclecloud 7.9.10/8.2.0

Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36943.

4.6
2021-08-12 CVE-2021-34471 Microsoft Improper Privilege Management vulnerability in Microsoft Malware Protection Engine

Microsoft Windows Defender Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-34483 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-34484 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows User Profile Service Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-34486 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34487.

4.6
2021-08-12 CVE-2021-34487 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34486.

4.6
2021-08-12 CVE-2021-34536 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Storage Spaces Controller Elevation of Privilege Vulnerability

4.6
2021-08-12 CVE-2021-27794 Broadcom Improper Authentication vulnerability in Broadcom Fabric Operating System

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

4.6
2021-08-12 CVE-2021-37841 Docker Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop

Docker Desktop before 3.6.0 suffers from incorrect access control.

4.6
2021-08-12 CVE-2021-38088 Acronis Unspecified vulnerability in Acronis Cyber Protect 15

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

4.6
2021-08-11 CVE-2021-1106 Nvidia Out-of-bounds Write vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

4.6
2021-08-11 CVE-2021-1107 Nvidia Unspecified vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

4.6
2021-08-11 CVE-2021-1108 Nvidia Integer Underflow (Wrap or Wraparound) vulnerability in Nvidia Jetson Linux and Shield Experience

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

4.6
2021-08-11 CVE-2021-1111 Nvidia Out-of-bounds Read vulnerability in Nvidia Jetson Linux

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.

4.6
2021-08-11 CVE-2020-25561 Sapphireims Use of Hard-coded Credentials vulnerability in Sapphireims 5.0

SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server.

4.6
2021-08-11 CVE-2021-0084 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-08-11 CVE-2021-0196 Intel Unspecified vulnerability in Intel products

Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2021-08-10 CVE-2021-21567 Dell Improper Privilege Management vulnerability in Dell Powerscale Onefs 9.0.0.0/9.1.0.0

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability.

4.6
2021-08-10 CVE-2021-37367 Ctparental Project Path Traversal vulnerability in Ctparental Project Ctparental

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel.

4.6
2021-08-09 CVE-2021-36276 Dell Unspecified vulnerability in Dell Dbutildrv2.Sys Firmware 2.5/2.6

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure.

4.6
2021-08-09 CVE-2021-20349 IBM Out-of-bounds Write vulnerability in IBM Tivoli Workload Scheduler 9.4/9.5

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.

4.6
2021-08-12 CVE-2021-38086 Acronis Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

4.4
2021-08-11 CVE-2021-38571 Foxitsoftware Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.

4.4
2021-08-14 CVE-2020-36473 Ucweb Cleartext Storage of Sensitive Information vulnerability in Ucweb UC

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.

4.3
2021-08-13 CVE-2020-21064 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1.0

A buffer-overflow vulnerability in the AP4_RtpAtom::AP4_RtpAtom function in Ap4RtpAtom.cpp of Bento4 1.5.1.0 allows attackers to cause a denial of service.

4.3
2021-08-13 CVE-2020-21066 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1.0

An issue was discovered in Bento4 v1.5.1.0.

4.3
2021-08-13 CVE-2021-27401 Mitel Cross-site Scripting vulnerability in Mitel Micollab

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

4.3
2021-08-13 CVE-2021-32068 Mitel Allocation of Resources Without Limits or Throttling vulnerability in Mitel Micollab

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls.

4.3
2021-08-13 CVE-2021-37703 Discourse Information Exposure vulnerability in Discourse

Discourse is an open-source platform for community discussion.

4.3
2021-08-13 CVE-2021-38619 Openbaraza Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).

4.3
2021-08-13 CVE-2021-38583 Openbaraza Cross-site Scripting vulnerability in Openbaraza Human Capital Management 3.1.6

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).

4.3
2021-08-13 CVE-2021-31399 2N Improper Certificate Validation vulnerability in 2N Access Unit 2.0 Firmware 2.31.0.40.5

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.

4.3
2021-08-12 CVE-2020-20989 Domainmod Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.13.0

A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.

4.3
2021-08-12 CVE-2021-37700 Paste Markdown Project Cross-site Scripting vulnerability in Paste-Markdown Project Paste-Markdown

@github/paste-markdown is an npm package for pasting markdown objects.

4.3
2021-08-12 CVE-2020-18445 Yunucms Cross-site Scripting vulnerability in Yunucms 1.1.9

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.

4.3
2021-08-12 CVE-2021-38597 Wolfssl Insufficient Verification of Data Authenticity vulnerability in Wolfssl

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

4.3
2021-08-11 CVE-2020-25562 Sapphireims Cross-Site Request Forgery (CSRF) vulnerability in Sapphireims 5.0

In SapphireIMS 5.0, there is no CSRF token present in the entire application.

4.3
2021-08-11 CVE-2021-32437 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

4.3
2021-08-11 CVE-2021-32438 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

4.3
2021-08-11 CVE-2021-32440 Gpac NULL Pointer Dereference vulnerability in Gpac 1.0.1

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

4.3
2021-08-11 CVE-2021-38543 TP Link Unspecified vulnerability in Tp-Link Ue330 Firmware

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-11 CVE-2021-38544 Sony Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware

Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-11 CVE-2021-38545 Raspberrypi Unspecified vulnerability in Raspberrypi products

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-11 CVE-2021-38546 Creative Unspecified vulnerability in Creative products

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-11 CVE-2021-38547 Logitech Unspecified vulnerability in Logitech S120 Firmware and Z120 Firmware

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-11 CVE-2021-38548 JBL Unspecified vulnerability in JBL GO 2 Firmware

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

4.3
2021-08-10 CVE-2020-21675 Fig2Dev Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

4.3
2021-08-10 CVE-2020-21676 Fig2Dev Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

4.3
2021-08-10 CVE-2020-21677 Libsixel Project Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.4

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.

4.3
2021-08-10 CVE-2020-21678 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.

4.3
2021-08-10 CVE-2020-21680 Fig2Dev Project Out-of-bounds Write vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

4.3
2021-08-10 CVE-2020-21681 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

4.3
2021-08-10 CVE-2020-21682 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

4.3
2021-08-10 CVE-2020-21683 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

4.3
2021-08-10 CVE-2020-21684 Fig2Dev Project Classic Buffer Overflow vulnerability in Fig2Dev Project Fig2Dev 3.2.7

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

4.3
2021-08-10 CVE-2020-21697 Ffmpeg
Debian
Use After Free vulnerability in multiple products

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

4.3
2021-08-10 CVE-2021-37389 Chamilo Cross-site Scripting vulnerability in Chamilo 1.11.14

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

4.3
2021-08-10 CVE-2021-37390 Chamilo Cross-site Scripting vulnerability in Chamilo LMS

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).

4.3
2021-08-10 CVE-2021-38381 Live555 Use After Free vulnerability in Live555

Live555 through 1.08 does not handle MPEG-1 or 2 files properly.

4.3
2021-08-10 CVE-2021-38382 Live555 Use After Free vulnerability in Live555

Live555 through 1.08 does not handle Matroska and Ogg files properly.

4.3
2021-08-10 CVE-2020-23171 NIM Lang Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

4.3
2021-08-10 CVE-2020-23172 Kuba Project Path Traversal vulnerability in Kuba Project Kuba

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.

4.3
2021-08-10 CVE-2021-37365 Ctparental Project Cross-site Scripting vulnerability in Ctparental Project Ctparental

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel.

4.3
2021-08-10 CVE-2021-22676 Advantech Cross-site Scripting vulnerability in Advantech Webaccess/Scada

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code.

4.3
2021-08-10 CVE-2021-31655 Trendnet Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.64/1.2.2.65/1.2.2.68

Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter.

4.3
2021-08-10 CVE-2021-33717 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1).

4.3
2021-08-10 CVE-2021-33738 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2).

4.3
2021-08-09 CVE-2021-38311 Contiki OS Infinite Loop vulnerability in Contiki-Os Contiki 3.0

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service.

4.3
2021-08-09 CVE-2021-34335 Exiv2
Fedoraproject
Divide By Zero vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37615 Exiv2
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37633 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open source discussion platform.

4.3
2021-08-09 CVE-2021-37634 Vapor Cross-site Scripting vulnerability in Vapor Leafkit

Leafkit is a templating language with Swift-inspired syntax.

4.3
2021-08-09 CVE-2018-17861 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.

4.3
2021-08-09 CVE-2018-17862 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.

4.3
2021-08-09 CVE-2018-17865 SAP Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.

4.3
2021-08-09 CVE-2021-37616 Exiv2
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37618 Exiv2
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37619 Exiv2
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37620 Exiv2
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37621 Exiv2
Fedoraproject
Infinite Loop vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37622 Exiv2
Fedoraproject
Infinite Loop vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-32815 Exiv2 Reachable Assertion vulnerability in Exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-34334 Exiv2 Infinite Loop vulnerability in Exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-37623 Exiv2 Infinite Loop vulnerability in Exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

4.3
2021-08-09 CVE-2021-34660 Verygoodplugins Cross-site Scripting vulnerability in Verygoodplugins WP Fusion

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18.

4.3
2021-08-09 CVE-2021-34661 Verygoodplugins Cross-Site Request Forgery (CSRF) vulnerability in Verygoodplugins WP Fusion

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.

4.3
2021-08-09 CVE-2021-37573 Tiny Java WEB Server Project Cross-site Scripting vulnerability in Tiny Java web Server Project Tiny Java web Server

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page

4.3
2021-08-09 CVE-2021-37788 Gurock Improper Restriction of Rendered UI Layers or Frames vulnerability in Gurock Testrail 5.3.0.3603

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack.

4.3
2021-08-09 CVE-2021-24304 Tagdiv Cross-site Scripting vulnerability in Tagdiv Newsmag

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

4.3
2021-08-09 CVE-2021-24467 Leaflet MAP Project Cross-site Scripting vulnerability in Leaflet MAP Project Leaflet MAP

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack.

4.3
2021-08-09 CVE-2021-24495 Marmoset Cross-site Scripting vulnerability in Marmoset Viewer

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

4.3
2021-08-09 CVE-2021-24522 Profilepress Cross-site Scripting vulnerability in Profilepress

The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access.

4.3
2021-08-13 CVE-2021-29880 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.4.3

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain.

4.0
2021-08-13 CVE-2021-32072 Mitel Improper Encoding or Escaping of Output vulnerability in Mitel Micollab

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization.

4.0
2021-08-13 CVE-2021-37586 Mitel Improper Input Validation vulnerability in Mitel Interaction Recording 6.6

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.

4.0
2021-08-12 CVE-2021-37704 Phpfastcache Exposure of Resource to Wrong Sphere vulnerability in PHPfastcache

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache).

4.0
2021-08-11 CVE-2017-16631 Sapphireims Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.

4.0
2021-08-11 CVE-2021-38514 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

4.0
2021-08-10 CVE-2021-21600 Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service.
4.0
2021-08-10 CVE-2021-33706 SAP Improper Input Validation vulnerability in SAP Infrabox

Due to improper input validation in InfraBox, logs can be modified by an authenticated user.

4.0
2021-08-10 CVE-2021-22674 Advantech Path Traversal vulnerability in Advantech Webaccess/Scada

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

4.0
2021-08-10 CVE-2021-29739 IBM Unchecked Return Value vulnerability in IBM Planning Analytics Local 2.0.0

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

4.0
2021-08-09 CVE-2021-21584 Dell Information Exposure vulnerability in Dell products

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability.

4.0
2021-08-09 CVE-2021-25954 Dolibarr Incorrect Authorization vulnerability in Dolibarr

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor.

4.0
2021-08-09 CVE-2021-29714 IBM Improper Input Validation vulnerability in IBM Content Navigator 3.0.0

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation.

4.0
2021-08-09 CVE-2021-37213 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.

4.0
2021-08-09 CVE-2021-37215 Larvata Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability.

4.0

81 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-08-12 CVE-2021-37635 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-08-12 CVE-2021-37641 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-08-12 CVE-2021-37654 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-08-12 CVE-2021-37664 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-08-12 CVE-2021-37643 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-08-11 CVE-2021-0002 Intel
Fedoraproject
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

3.6
2021-08-15 CVE-2021-25955 Dolibarr Cross-site Scripting vulnerability in Dolibarr

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.

3.5
2021-08-15 CVE-2021-38699 Tastyigniter Cross-site Scripting vulnerability in Tastyigniter 3.0.7

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.

3.5
2021-08-13 CVE-2021-36787 In2Code Cross-site Scripting vulnerability in In2Code Femanager

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.

3.5
2021-08-13 CVE-2021-38554 Hashicorp Improper Cross-boundary Removal of Sensitive Data vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.

3.5
2021-08-13 CVE-2021-37695 Ckeditor
Debian
Fedoraproject
Oracle
Cross-site Scripting vulnerability in multiple products

ckeditor is an open source WYSIWYG HTML editor with rich content support.

3.5
2021-08-12 CVE-2021-38602 Pluxml Cross-site Scripting vulnerability in Pluxml 5.8.7

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.

3.5
2021-08-12 CVE-2021-38603 Pluxml Cross-site Scripting vulnerability in Pluxml 5.8.7

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.

3.5
2021-08-12 CVE-2020-20988 Domainmod Cross-site Scripting vulnerability in Domainmod 4.13.0

A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.

3.5
2021-08-12 CVE-2020-20990 Domainmod Cross-site Scripting vulnerability in Domainmod 4.13.0

A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.

3.5
2021-08-12 CVE-2020-18463 Aikcms Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0

Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.

3.5
2021-08-12 CVE-2020-18464 Aikcms Cross-Site Request Forgery (CSRF) vulnerability in Aikcms 2.0

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.

3.5
2021-08-12 CVE-2020-18449 Ukcms Cross-site Scripting vulnerability in Ukcms 1.1.10

Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php

3.5
2021-08-12 CVE-2020-18451 Damicms Cross-site Scripting vulnerability in Damicms 6.0.6

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.

3.5
2021-08-12 CVE-2020-18455 Bycms Project Cross-site Scripting vulnerability in Bycms Project Bycms 1.3.0

Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.

3.5
2021-08-12 CVE-2020-18456 Pbootcms Cross-site Scripting vulnerability in Pbootcms 1.3.7

Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.

3.5
2021-08-12 CVE-2020-18446 Yunucms Cross-site Scripting vulnerability in Yunucms 1.1.9

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.

3.5
2021-08-12 CVE-2021-32808 Ckeditor
Fedoraproject
Oracle
Cross-site Scripting vulnerability in multiple products

ckeditor is an open source WYSIWYG HTML editor with rich content support.

3.5
2021-08-12 CVE-2021-32809 Ckeditor
Fedoraproject
Oracle
Cross-site Scripting vulnerability in multiple products

ckeditor is an open source WYSIWYG HTML editor with rich content support.

3.5
2021-08-12 CVE-2020-20977 Ukcms Project Cross-site Scripting vulnerability in Ukcms Project Ukcms 1.1.10

A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.

3.5
2021-08-11 CVE-2020-21362 Maccms Cross-site Scripting vulnerability in Maccms 10.0

A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.

3.5
2021-08-10 CVE-2020-21929 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.4.1

A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

3.5
2021-08-10 CVE-2020-21930 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.4.1

A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

3.5
2021-08-10 CVE-2021-37152 Sonatype Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0.

3.5
2021-08-09 CVE-2013-4718 Otrs Cross-site Scripting vulnerability in Otrs

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.

3.5
2021-08-09 CVE-2021-24502 Flippercode Cross-site Scripting vulnerability in Flippercode WP Google MAP 1.1.0/1.2.0

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed

3.5
2021-08-09 CVE-2021-24505 Madeit Cross-site Scripting vulnerability in Madeit Forms

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues.

3.5
2021-08-09 CVE-2021-24509 A3Rev Cross-site Scripting vulnerability in A3Rev Page View Count

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks.

3.5
2021-08-09 CVE-2021-37211 Larvata Cross-site Scripting vulnerability in Larvata Flygo

The bulletin function of Flygo does not filter special characters while a new announcement is added.

3.5
2021-08-11 CVE-2021-1109 Nvidia Unspecified vulnerability in Nvidia Jetson Linux

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.

3.3
2021-08-11 CVE-2021-0009 Intel Out-of-bounds Read vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

3.3
2021-08-10 CVE-2021-33699 SAP Unspecified vulnerability in SAP Fiori Client 3.2

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features.

3.3
2021-08-10 CVE-2021-33702 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.

2.6
2021-08-10 CVE-2021-33703 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.

2.6
2021-08-13 CVE-2021-38553 Hashicorp Improper Preservation of Permissions vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions.

2.1
2021-08-12 CVE-2021-37683 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37684 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37685 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37687 Google Out-of-bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37691 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37692 Google Improper Input Validation vulnerability in Google Tensorflow 2.5.0

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37675 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37680 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37686 Google Infinite Loop vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37688 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37689 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37644 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37645 Google Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37646 Google Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37661 Google Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37637 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37647 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37649 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-26428 Azure Sphere Information Disclosure Vulnerability
2.1
2021-08-12 CVE-2021-26430 Microsoft Unspecified vulnerability in Microsoft Azure Sphere

Azure Sphere Denial of Service Vulnerability

2.1
2021-08-12 CVE-2021-34485 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2017

.NET Core and Visual Studio Information Disclosure Vulnerability

2.1
2021-08-12 CVE-2021-34532 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

ASP.NET Core and Visual Studio Information Disclosure Vulnerability

2.1
2021-08-12 CVE-2021-37636 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37640 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37642 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37653 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-12 CVE-2021-37660 Google Divide By Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-08-11 CVE-2021-38590 Cpanel Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

2.1
2021-08-11 CVE-2021-0003 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2021-08-11 CVE-2021-0004 Intel
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.

2.1
2021-08-11 CVE-2021-0005 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.

2.1
2021-08-11 CVE-2021-0006 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware

Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.

2.1
2021-08-11 CVE-2021-0007 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access.

2.1
2021-08-11 CVE-2021-0008 Intel Resource Exhaustion vulnerability in Intel Ethernet Controller E810 Firmware 1.3.19/1.4.11/1.5.1.0

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.

2.1
2021-08-11 CVE-2021-0012 Intel Use After Free vulnerability in Intel Graphics Driver and Graphics Drivers

Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access.

2.1
2021-08-10 CVE-2021-21597 Dell Information Exposure Through Log Files vulnerability in Dell Wyse Thinos 9.0/9.1

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability.

2.1
2021-08-10 CVE-2021-21598 Dell Information Exposure Through Log Files vulnerability in Dell Wyse Thinos 9.0/9.1

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability.

2.1
2021-08-10 CVE-2021-21601 Dell Information Exposure Through Log Files vulnerability in Dell products

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS.

2.1
2021-08-09 CVE-2015-7731 SAP Information Exposure vulnerability in SAP Mobile Platform 3.0

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.

2.1
2021-08-09 CVE-2021-21740 ZTE Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product.

2.1
2021-08-10 CVE-2020-25082 Nuvoton Information Exposure Through Discrepancy vulnerability in Nuvoton Npct75X Firmware

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

1.9