Weekly Vulnerabilities Reports > September 6 to 12, 2021

Overview

630 new vulnerabilities reported during this period, including 55 critical vulnerabilities and 135 high severity vulnerabilities. This weekly summary report vulnerabilities in 692 products from 202 vendors including Apple, Qualcomm, Debian, Fedoraproject, and Tuxera. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Improper Authentication", and "SQL Injection".

  • 475 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 196 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 474 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 214 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 26 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

55 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-09-11 CVE-2021-40146 Apache Unspecified vulnerability in Apache Any23

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5.

10.0
2021-09-09 CVE-2021-28911 BAB Technologie Incorrect Authorization vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g.

10.0
2021-09-09 CVE-2021-28913 BAB Technologie Missing Authentication for Critical Function vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase.

10.0
2021-09-09 CVE-2021-39296 Openbmc Project Improper Authentication vulnerability in Openbmc-Project Openbmc 2.9.0

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.

10.0
2021-09-09 CVE-2021-1933 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

10.0
2021-09-09 CVE-2021-1946 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

10.0
2021-09-08 CVE-2020-19138 Dotcms Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

10.0
2021-09-08 CVE-2021-1829 Apple Type Confusion vulnerability in Apple Macos

A type confusion issue was addressed with improved state handling.

10.0
2021-09-08 CVE-2021-1834 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

An out-of-bounds write issue was addressed with improved bounds checking.

10.0
2021-09-08 CVE-2021-30655 Apple Unspecified vulnerability in Apple mac OS X and Macos

An application may be able to execute arbitrary code with system privileges.

10.0
2021-09-08 CVE-2021-30793 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

10.0
2021-09-08 CVE-2021-30805 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved input validation.

10.0
2021-09-08 CVE-2020-11264 Qualcomm Improper Authentication vulnerability in Qualcomm products

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

10.0
2021-09-08 CVE-2021-1916 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2021-09-08 CVE-2021-1919 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2021-09-08 CVE-2021-1920 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2021-09-08 CVE-2021-1972 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-09-07 CVE-2021-32802 Nextcloud Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud Server

Nextcloud server is an open source, self hosted personal cloud.

10.0
2021-09-07 CVE-2021-37716 Arubanetworks
Siemens
Classic Buffer Overflow vulnerability in multiple products

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15.

10.0
2021-09-09 CVE-2021-38540 Apache Missing Authentication for Critical Function vulnerability in Apache Airflow

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3.

9.8
2021-09-07 CVE-2021-40539 Zohocorp Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

9.8
2021-09-08 CVE-2021-1812 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved validation.

9.3
2021-09-08 CVE-2021-1813 Apple Improper Privilege Management vulnerability in Apple products

A validation issue was addressed with improved logic.

9.3
2021-09-08 CVE-2021-1816 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

9.3
2021-09-08 CVE-2021-1841 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A malicious application may be able to execute arbitrary code with kernel privileges.

9.3
2021-09-08 CVE-2021-1851 Apple Improper Privilege Management vulnerability in Apple products

A logic issue was addressed with improved state management.

9.3
2021-09-08 CVE-2021-1867 Apple Out-of-bounds Read vulnerability in Apple Ipados and Iphone OS

An out-of-bounds read was addressed with improved input validation.

9.3
2021-09-08 CVE-2021-1874 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved state management.

9.3
2021-09-08 CVE-2021-30672 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved state management.

9.3
2021-09-08 CVE-2021-30681 Apple Improper Input Validation vulnerability in Apple products

A validation issue existed in the handling of symlinks.

9.3
2021-09-08 CVE-2021-28580 Adobe Classic Buffer Overflow vulnerability in Adobe Medium 2.4.5.331

Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file.

9.3
2021-09-08 CVE-2021-30726 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A malicious application may be able to execute arbitrary code with kernel privileges.

9.3
2021-09-08 CVE-2021-30728 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2021-09-08 CVE-2021-30735 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A malicious application may be able to execute arbitrary code with kernel privileges.

9.3
2021-09-08 CVE-2021-30748 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

9.3
2021-09-08 CVE-2021-30765 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

An out-of-bounds write was addressed with improved input validation.

9.3
2021-09-08 CVE-2021-30766 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

An out-of-bounds write was addressed with improved input validation.

9.3
2021-09-08 CVE-2021-30772 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

9.3
2021-09-08 CVE-2021-30774 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

9.3
2021-09-08 CVE-2021-30777 Apple Injection vulnerability in Apple mac OS X and Macos

An injection issue was addressed with improved validation.

9.3
2021-09-08 CVE-2021-30780 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2021-09-08 CVE-2021-30795 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

9.3
2021-09-08 CVE-2021-30799 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

Multiple memory corruption issues were addressed with improved memory handling.

9.3
2021-09-09 CVE-2021-28912 BAB Technologie Weak Password Requirements vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3.

9.0
2021-09-09 CVE-2021-39459 Redaxo OS Command Injection vulnerability in Redaxo 5.12.1

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.

9.0
2021-09-09 CVE-2021-40222 Rittal OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704

Rittal CMC PU III Web management Version affected: V3.11.00_2.

9.0
2021-09-07 CVE-2021-37717 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16.

9.0
2021-09-07 CVE-2021-37718 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16.

9.0
2021-09-07 CVE-2021-37719 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.

9.0
2021-09-07 CVE-2021-37720 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.

9.0
2021-09-07 CVE-2021-37721 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.

9.0
2021-09-07 CVE-2021-37722 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.

9.0
2021-09-07 CVE-2021-37723 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16.

9.0
2021-09-07 CVE-2021-37724 Arubanetworks
Siemens
Command Injection vulnerability in multiple products

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16.

9.0
2021-09-07 CVE-2021-39279 Moxa OS Command Injection vulnerability in Moxa products

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP.

9.0

135 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-09-08 CVE-2021-21103 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file.

8.8
2021-09-08 CVE-2021-21104 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file.

8.8
2021-09-08 CVE-2021-21105 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file.

8.8
2021-09-08 CVE-2021-21897 Ribbonsoft
Fedoraproject
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0.

8.8
2021-09-08 CVE-2021-1828 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved validation.

8.8
2021-09-08 CVE-2021-30661 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2021-09-08 CVE-2021-30663 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed with improved input validation.

8.8
2021-09-08 CVE-2021-30665 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

8.8
2021-09-08 CVE-2021-30666 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

A buffer overflow issue was addressed with improved memory handling.

8.8
2021-09-08 CVE-2021-30734 Apple Out-of-bounds Write vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

8.8
2021-09-08 CVE-2021-30737 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.

8.8
2021-09-08 CVE-2021-30749 Apple Out-of-bounds Write vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

8.8
2021-09-08 CVE-2021-30761 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved state management.

8.8
2021-09-08 CVE-2021-30762 Apple Use After Free vulnerability in Apple Iphone OS

A use after free issue was addressed with improved memory management.

8.8
2021-09-07 CVE-2021-37725 Arubanetworks
Siemens
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15.

8.8
2021-09-09 CVE-2021-34720 Cisco Unspecified vulnerability in Cisco IOS XR

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition.

8.6
2021-09-08 CVE-2021-3054 Paloaltonetworks Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.

8.5
2021-09-07 CVE-2021-37728 Arubanetworks
Siemens
Path Traversal vulnerability in multiple products

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13.

8.5
2021-09-07 CVE-2021-28139 Espressif Unspecified vulnerability in Espressif Esp-Idf

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

8.3
2021-09-09 CVE-2021-34718 Cisco Argument Injection or Modification vulnerability in Cisco IOS XR

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.

8.1
2021-09-09 CVE-2021-32484 Mediatek Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.

7.8
2021-09-09 CVE-2021-32485 Mediatek Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.

7.8
2021-09-09 CVE-2021-32486 Mediatek Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.

7.8
2021-09-09 CVE-2021-32487 Mediatek Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.

7.8
2021-09-09 CVE-2021-28498 Arista Insufficiently Protected Credentials vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems.

7.8
2021-09-09 CVE-2021-1941 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.8
2021-09-09 CVE-2021-1948 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.8
2021-09-09 CVE-2021-1971 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.8
2021-09-09 CVE-2021-34719 Cisco OS Command Injection vulnerability in Cisco IOS XR

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.

7.8
2021-09-09 CVE-2021-34728 Cisco OS Command Injection vulnerability in Cisco IOS XR

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.

7.8
2021-09-08 CVE-2021-35526 Hitachiabb Powergrids Incorrect Authorization vulnerability in Hitachiabb-Powergrids Sdm600 Firmware

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information.

7.8
2021-09-08 CVE-2021-1859 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

7.8
2021-09-08 CVE-2021-30660 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

7.8
2021-09-08 CVE-2021-30713 Apple Improper Input Validation vulnerability in Apple mac OS X and Macos

A permissions issue was addressed with improved validation.

7.8
2021-09-08 CVE-2021-28701 XEN
Debian
Fedoraproject
Race Condition vulnerability in multiple products

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.

7.8
2021-09-08 CVE-2021-30724 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

7.8
2021-09-08 CVE-2021-30725 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

7.8
2021-09-08 CVE-2021-30736 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved size validation.

7.8
2021-09-08 CVE-2021-30740 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

7.8
2021-09-08 CVE-2021-30742 Apple Unspecified vulnerability in Apple Iphone OS

A memory consumption issue was addressed with improved memory handling.

7.8
2021-09-08 CVE-2021-30743 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write was addressed with improved input validation.

7.8
2021-09-08 CVE-2021-30752 Apple Out-of-bounds Read vulnerability in Apple products

Processing a maliciously crafted image may lead to arbitrary code execution.

7.8
2021-09-08 CVE-2021-30760 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed through improved input validation.

7.8
2021-09-08 CVE-2021-30798 Apple Unspecified vulnerability in Apple Watchos

A logic issue was addressed with improved state management.

7.8
2021-09-07 CVE-2021-33286 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

7.8
2021-09-07 CVE-2021-33287 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

7.8
2021-09-07 CVE-2021-35266 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

7.8
2021-09-07 CVE-2021-35267 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

7.8
2021-09-07 CVE-2021-39251 Tuxera
Debian
Redhat
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39252 Tuxera
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39253 Tuxera
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39254 Tuxera
Debian
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39255 Tuxera
Debian
Out-of-bounds Read vulnerability in multiple products

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39256 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39258 Tuxera
Debian
Out-of-bounds Read vulnerability in multiple products

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39259 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39260 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39261 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39262 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-39263 Tuxera
Debian
Out-of-bounds Write vulnerability in multiple products

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

7.8
2021-09-07 CVE-2021-33285 Tuxera
Redhat
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service.

7.8
2021-09-07 CVE-2021-33289 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

7.8
2021-09-07 CVE-2021-35268 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.8
2021-09-07 CVE-2021-35269 Tuxera
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.8
2021-09-06 CVE-2021-3770 VIM
Fedoraproject
Netapp
Heap-based Buffer Overflow vulnerability in multiple products

vim is vulnerable to Heap-based Buffer Overflow

7.8
2021-09-08 CVE-2021-28571 Adobe OS Command Injection vulnerability in Adobe After Effects

Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts.

7.6
2021-09-08 CVE-2021-30652 Apple Race Condition vulnerability in Apple products

A race condition was addressed with additional validation.

7.6
2021-09-12 CVE-2021-23440 SET Value Project
Oracle
Type Confusion vulnerability in multiple products

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1.

7.5
2021-09-10 CVE-2021-24040 Facebook Deserialization of Untrusted Data vulnerability in Facebook Parlai

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks.

7.5
2021-09-10 CVE-2021-40864 Onlyoffice Unspecified vulnerability in Onlyoffice Google Translate

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

7.5
2021-09-10 CVE-2021-37422 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

7.5
2021-09-10 CVE-2021-37423 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

7.5
2021-09-10 CVE-2021-38360 WP Publications Project Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wp-Publications Project Wp-Publications

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.

7.5
2021-09-10 CVE-2021-40373 Playsms Code Injection vulnerability in Playsms

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

7.5
2021-09-10 CVE-2021-3645 Merge Project Unspecified vulnerability in Merge Project Merge 1.0.0

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

7.5
2021-09-10 CVE-2021-34344 Qnap Out-of-bounds Write vulnerability in Qnap Qusbcam2

A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2.

7.5
2021-09-10 CVE-2021-34345 Qnap Out-of-bounds Write vulnerability in Qnap products

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.

7.5
2021-09-10 CVE-2021-34346 Qnap Out-of-bounds Write vulnerability in Qnap NVR Storage Expansion Firmware

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.

7.5
2021-09-10 CVE-2021-40839 Rencode Project
Fedoraproject
Infinite Loop vulnerability in multiple products

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.

7.5
2021-09-09 CVE-2021-25449 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

7.5
2021-09-09 CVE-2020-19267 Dswjcms Project Unrestricted Upload of File with Dangerous Type vulnerability in Dswjcms Project Dswjcms 1.6.4

An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.

7.5
2021-09-09 CVE-2021-38727 Thedaylightstudio SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items

7.5
2021-09-09 CVE-2020-7873 Ksystem Download of Code Without Integrity Check vulnerability in Ksystem K-System Wellcomm 1.1/4.0

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.

7.5
2021-09-09 CVE-2021-26608 Handysoft Insufficient Verification of Data Authenticity vulnerability in Handysoft Hshell 1.7.4.5/2.0.3.5/4.0.1.6

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module.

7.5
2021-09-09 CVE-2021-38408 Advantech Stack-based Buffer Overflow vulnerability in Advantech Webaccess

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

7.5
2021-09-09 CVE-2021-36161 Apache Use of Externally-Controlled Format String vulnerability in Apache Dubbo

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method.

7.5
2021-09-09 CVE-2021-37579 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server.

7.5
2021-09-09 CVE-2021-34737 Cisco NULL Pointer Dereference vulnerability in Cisco IOS XR

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition.

7.5
2021-09-09 CVE-2020-26300 Systeminformation OS Command Injection vulnerability in Systeminformation

systeminformation is an npm package that provides system and OS information library for node.js.

7.5
2021-09-08 CVE-2021-40814 Mypresta SQL Injection vulnerability in Mypresta Customer Photo Gallery

The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.

7.5
2021-09-08 CVE-2021-40818 Glewlwyd SSO Server Project Classic Buffer Overflow vulnerability in Glewlwyd SSO Server Project Glewlwyd SSO Server

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

7.5
2021-09-08 CVE-2020-26772 Ppgo Jobs Project OS Command Injection vulnerability in Ppgo Jobs Project Ppgo Jobs 2.8.0

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.

7.5
2021-09-08 CVE-2021-36440 Showdoc Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.9.5

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.

7.5
2021-09-08 CVE-2021-3055 Paloaltonetworks XXE vulnerability in Paloaltonetworks Pan-Os

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash.

7.5
2021-09-08 CVE-2021-40346 Haproxy
Debian
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

7.5
2021-09-08 CVE-2021-1770 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

A buffer overflow may result in arbitrary code execution.

7.5
2021-09-08 CVE-2021-1864 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

7.5
2021-09-08 CVE-2021-1882 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

7.5
2021-09-08 CVE-2021-21996 Saltstack
Fedoraproject
Debian
An issue was discovered in SaltStack Salt before 3003.3.
7.5
2021-09-08 CVE-2021-30678 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

7.5
2021-09-08 CVE-2021-30690 Apple Unspecified vulnerability in Apple mac OS X

Multiple issues in apache were addressed by updating apache to version 2.4.46.

7.5
2021-09-08 CVE-2021-30729 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

7.5
2021-09-08 CVE-2020-19853 Bluecms Project SQL Injection vulnerability in Bluecms Project Bluecms 1.6

BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.

7.5
2021-09-07 CVE-2020-19752 Lcdf
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

7.5
2021-09-07 CVE-2021-35946 Owncloud Improper Privilege Management vulnerability in Owncloud

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.

7.5
2021-09-07 CVE-2021-39497 Eyoucms Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

7.5
2021-09-07 CVE-2020-7832 Dext5 Improper Input Validation vulnerability in Dext5 2.7.1402870/3.5.1402961

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

7.5
2021-09-07 CVE-2020-7865 Inoguard Improper Input Validation vulnerability in Inoguard Execm Coreb2B

A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function.

7.5
2021-09-07 CVE-2021-36163 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

In Apache Dubbo, users may choose to use the Hessian protocol.

7.5
2021-09-07 CVE-2021-38840 Simple Water Refilling Station Management System Project SQL Injection vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.

7.5
2021-09-07 CVE-2021-40540 Ulfius Project Unspecified vulnerability in Ulfius Project Ulfius

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.

7.5
2021-09-06 CVE-2021-40531 Sketch Unrestricted Upload of File with Dangerous Type vulnerability in Sketch

Sketch before 75 allows library feeds to be used to bypass file quarantine.

7.5
2021-09-06 CVE-2021-40532 Telegram Unspecified vulnerability in Telegram web K Alpha

Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.

7.5
2021-09-06 CVE-2021-3766 Objection Project Unspecified vulnerability in Objection Project Objection

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

7.5
2021-09-09 CVE-2021-34713 Cisco Unspecified vulnerability in Cisco IOS XR

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot.

7.4
2021-09-10 CVE-2021-3145 Ionic Improper Authentication vulnerability in Ionic Identity Vault

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication.

7.2
2021-09-09 CVE-2021-37101 Huawei Unspecified vulnerability in Huawei Ais-Bw50-00 Firmware 9.0.6.2(H100Sp10C00)/9.0.6.2(H100Sp15C00)

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00).

7.2
2021-09-09 CVE-2021-20117 Tenable Unspecified vulnerability in Tenable Nessus Agent

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.

7.2
2021-09-09 CVE-2021-20118 Tenable Unspecified vulnerability in Tenable Nessus Agent

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.

7.2
2021-09-09 CVE-2021-1909 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.2
2021-09-09 CVE-2021-1934 Qualcomm Double Free vulnerability in Qualcomm products

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

7.2
2021-09-09 CVE-2021-1952 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

7.2
2021-09-09 CVE-2021-30295 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.2
2021-09-09 CVE-2021-34785 Cisco Improper Authentication vulnerability in Cisco Broadworks Commpilot Application Software

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

7.2
2021-09-08 CVE-2021-30703 Apple Double Free vulnerability in Apple products

A double free issue was addressed with improved memory management.

7.2
2021-09-08 CVE-2021-30704 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

7.2
2021-09-07 CVE-2021-37145 Poly Command Injection vulnerability in Poly Cx5100 Firmware and Cx5500 Firmware

A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability.

7.2
2021-09-07 CVE-2021-38142 Barco Cleartext Transmission of Sensitive Information vulnerability in Barco Mirrorop Windows Sender

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades.

7.2
2021-09-07 CVE-2021-37731 Arubanetworks
Siemens
Path Traversal vulnerability in multiple products

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16.

7.2
2021-09-06 CVE-2021-24390 Alipay Project SQL Injection vulnerability in Alipay Project Alipay

A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.

7.2
2021-09-08 CVE-2021-3053 Paloaltonetworks Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash.

7.1
2021-09-08 CVE-2021-1860 Apple Improper Initialization vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

7.1
2021-09-08 CVE-2021-30656 Apple Unspecified vulnerability in Apple Iphone OS

An access issue was addressed with improved memory management.

7.1
2021-09-08 CVE-2021-30741 Apple Use After Free vulnerability in Apple Iphone OS

A use after free issue was addressed with improved memory management.

7.1
2021-09-07 CVE-2019-5318 Arubanetworks
Siemens
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0.

7.1

359 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-09-08 CVE-2021-28568 Adobe Exposure of Resource to Wrong Sphere vulnerability in Adobe Genuine Service 7.1

Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process.

6.9
2021-09-09 CVE-2020-19280 Jeesns Cross-Site Request Forgery (CSRF) vulnerability in Jeesns 1.4.2

Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.

6.8
2021-09-09 CVE-2021-32724 Check Spelling Information Exposure Through Log Files vulnerability in Check-Spelling

check-spelling is a github action which provides CI spell checking.

6.8
2021-09-09 CVE-2020-19263 Mipcms Cross-Site Request Forgery (CSRF) vulnerability in Mipcms 5.0.1

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.

6.8
2021-09-09 CVE-2021-40284 Dlink Classic Buffer Overflow vulnerability in Dlink Dsl-3782 Firmware Eu1.01/Eu1.03

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service.

6.8
2021-09-09 CVE-2021-28495 Arista Improper Authentication vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs.

6.8
2021-09-09 CVE-2020-7874 Tobesoft Download of Code Without Integrity Check vulnerability in Tobesoft Nexacro 14.0.0.0

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution.

6.8
2021-09-09 CVE-2021-26603 Bandisoft Out-of-bounds Write vulnerability in Bandisoft ARK Library

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path.

6.8
2021-09-09 CVE-2021-32836 Zstack Deserialization of Untrusted Data vulnerability in Zstack

ZStack is open source IaaS(infrastructure as a service) software.

6.8
2021-09-08 CVE-2021-3051 Paloaltonetworks Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.

6.8
2021-09-08 CVE-2020-24672 ABB Improper Input Validation vulnerability in ABB Base Software

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product.

6.8
2021-09-08 CVE-2020-27942 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-1762 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-1814 Apple Unspecified vulnerability in Apple Macos and Watchos

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-1817 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-1833 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-1838 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-1843 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-1847 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved validation.

6.8
2021-09-08 CVE-2021-1858 Apple Out-of-bounds Write vulnerability in Apple products

Processing a maliciously crafted image may lead to arbitrary code execution.

6.8
2021-09-08 CVE-2021-1875 Apple Double Free vulnerability in Apple products

A double free issue was addressed with improved memory management.

6.8
2021-09-08 CVE-2021-1876 Apple Use After Free vulnerability in Apple mac OS X and Macos

A use after free issue was addressed with improved memory management.

6.8
2021-09-08 CVE-2021-1880 Apple Unspecified vulnerability in Apple Macos and Watchos

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-1881 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-1885 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

6.8
2021-09-08 CVE-2021-30653 Apple Injection vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30662 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30664 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2021-09-08 CVE-2021-30675 Apple Out-of-bounds Write vulnerability in Apple Boot Camp 5.0/5.1

A memory corruption issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-30679 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed by removing the vulnerable code.

6.8
2021-09-08 CVE-2021-30683 Apple Use After Free vulnerability in Apple mac OS X and Macos

A use after free issue was addressed with improved memory management.

6.8
2021-09-08 CVE-2021-30684 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-30693 Apple Improper Input Validation vulnerability in Apple products

A validation issue was addressed with improved logic.

6.8
2021-09-08 CVE-2021-30701 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30707 Apple Classic Buffer Overflow vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30708 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-30712 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-30717 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-30758 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved state handling.

6.8
2021-09-08 CVE-2021-30759 Apple Out-of-bounds Write vulnerability in Apple products

A stack overflow was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-30764 Apple Unspecified vulnerability in Apple products

Processing a maliciously crafted file may lead to arbitrary code execution.

6.8
2021-09-08 CVE-2021-30775 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

6.8
2021-09-08 CVE-2021-30779 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30785 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

6.8
2021-09-08 CVE-2021-30787 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30789 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-30790 Apple Information Exposure vulnerability in Apple mac OS X and Macos

An information disclosure issue was addressed by removing the vulnerable code.

6.8
2021-09-08 CVE-2021-30792 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write was addressed with improved input validation.

6.8
2021-09-08 CVE-2021-30797 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2021-09-08 CVE-2021-30802 Apple Use After Free vulnerability in Apple Iphone OS

A use after free issue was addressed with improved memory management.

6.8
2021-09-08 CVE-2021-23404 Sqlite WEB Project Cross-Site Request Forgery (CSRF) vulnerability in Sqlite-Web Project Sqlite-Web

This affects all versions of package sqlite-web.

6.8
2021-09-07 CVE-2021-38705 Cliniccases Cross-Site Request Forgery (CSRF) vulnerability in Cliniccases 7.3.3

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF).

6.8
2021-09-07 CVE-2021-39196 Pcapture Project Improper Check for Unusual or Exceptional Conditions vulnerability in Pcapture Project Pcapture

pcapture is an open source dumpcap web service interface .

6.8
2021-09-07 CVE-2021-39197 Better Errors Project Cross-Site Request Forgery (CSRF) vulnerability in Better Errors Project Better Errors

better_errors is an open source replacement for the standard Rails error page with more information rich error pages.

6.8
2021-09-06 CVE-2021-32568 Mrdoc Deserialization of Untrusted Data vulnerability in Mrdoc

mrdoc is vulnerable to Deserialization of Untrusted Data

6.8
2021-09-09 CVE-2021-34708 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.

6.7
2021-09-09 CVE-2021-34721 Cisco OS Command Injection vulnerability in Cisco IOS XR

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.

6.7
2021-09-09 CVE-2021-34722 Cisco OS Command Injection vulnerability in Cisco IOS XR

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.

6.7
2021-09-08 CVE-2021-30676 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

6.6
2021-09-08 CVE-2021-30719 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

A local user may be able to cause unexpected system termination or read kernel memory.

6.6
2021-09-10 CVE-2021-39207 Facebook Deserialization of Untrusted Data vulnerability in Facebook Parlai

parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets.

6.5
2021-09-10 CVE-2021-28816 Qnap Out-of-bounds Write vulnerability in Qnap QTS

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.

6.5
2021-09-10 CVE-2021-34343 Qnap Out-of-bounds Write vulnerability in Qnap QTS

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.

6.5
2021-09-09 CVE-2021-38723 Thedaylightstudio SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items

6.5
2021-09-09 CVE-2021-28494 Arista Improper Authentication vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI.

6.5
2021-09-09 CVE-2021-32834 Eclipse Expression Language Injection vulnerability in Eclipse Keti

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).

6.5
2021-09-09 CVE-2021-32835 Eclipse Protection Mechanism Failure vulnerability in Eclipse Keti

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).

6.5
2021-09-08 CVE-2021-40812 Libgd Out-of-bounds Read vulnerability in Libgd

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

6.5
2021-09-08 CVE-2021-38388 Linecorp Missing Authorization vulnerability in Linecorp Central Dogma

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

6.5
2021-09-08 CVE-2021-28567 Magento Incorrect Authorization vulnerability in Magento

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module.

6.5
2021-09-08 CVE-2021-35217 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI.

6.5
2021-09-08 CVE-2021-36179 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution

6.5
2021-09-08 CVE-2021-36182 Fortinet OS Command Injection vulnerability in Fortinet Fortiweb

A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

6.5
2021-09-07 CVE-2021-38706 Cliniccases SQL Injection vulnerability in Cliniccases 7.3.3

messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.

6.5
2021-09-07 CVE-2021-39503 Phpmywind Code Injection vulnerability in PHPmywind 5.6

PHPMyWind 5.6 is vulnerable to Remote Code Execution.

6.5
2021-09-07 CVE-2020-7877 Mastersoft Classic Buffer Overflow vulnerability in Mastersoft Zook Agent and Zook Viewer

A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check.

6.5
2021-09-07 CVE-2021-37218 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.

6.5
2021-09-07 CVE-2021-37219 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.

6.5
2021-09-07 CVE-2021-38616 Eigentech Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request.

6.5
2021-09-07 CVE-2021-38617 Eigentech Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password.

6.5
2021-09-07 CVE-2021-36162 Apache Unspecified vulnerability in Apache Dubbo

Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo).

6.5
2021-09-07 CVE-2021-38841 Simple Water Refilling Station Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action.

6.5
2021-09-06 CVE-2021-24006 Fortinet Incorrect Authorization vulnerability in Fortinet Fortimanager

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.

6.5
2021-09-06 CVE-2021-25735 Kubernetes Unspecified vulnerability in Kubernetes

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.

6.5
2021-09-06 CVE-2021-24303 Jiangqie SQL Injection vulnerability in Jiangqie Official Website Mini Program 1.0/1.0.5/1.1.0

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues

6.5
2021-09-06 CVE-2021-24391 Cashtomer Project SQL Injection vulnerability in Cashtomer Project Cashtomer 1.0.0

An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

6.5
2021-09-06 CVE-2021-24392 Swiftcrm SQL Injection vulnerability in Swiftcrm Club-Management-Software

An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

6.5
2021-09-06 CVE-2021-24393 Comment Highlighter Project SQL Injection vulnerability in Comment Highlighter Project Comment Highlighter 0.13

A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

6.5
2021-09-06 CVE-2021-24394 Easy Testimonial Manager Project SQL Injection vulnerability in Easy Testimonial Manager Project Easy Testimonial Manager 1.2.0

An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection

6.5
2021-09-06 CVE-2021-24395 Geekwebsolution SQL Injection vulnerability in Geekwebsolution Embed Youtube Video 1.0

The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

6.5
2021-09-11 CVE-2021-38555 Apache XXE vulnerability in Apache Any23

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5.

6.4
2021-09-09 CVE-2021-34709 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.

6.4
2021-09-08 CVE-2021-1855 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

6.4
2021-09-08 CVE-2021-22004 Saltstack
Fedoraproject
Race Condition vulnerability in multiple products

An issue was discovered in SaltStack Salt before 3003.3.

6.4
2021-09-07 CVE-2021-32800 Nextcloud Missing Authentication for Critical Function vulnerability in Nextcloud Server

Nextcloud server is an open source, self hosted personal cloud.

6.4
2021-09-07 CVE-2020-19751 Gpac Out-of-bounds Read vulnerability in Gpac 0.8.0

An issue was discovered in gpac 0.8.0.

6.4
2021-09-07 CVE-2021-40143 Sonatype Injection vulnerability in Sonatype Nexus Repository Manager 3

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection.

6.4
2021-09-08 CVE-2021-30744 Apple Cross-site Scripting vulnerability in Apple products

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.

6.1
2021-09-07 CVE-2021-38123 Microfocus Open Redirect vulnerability in Microfocus Network Automation

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05.

6.1
2021-09-07 CVE-2021-31610 MI
Bluetrum
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
6.1
2021-09-07 CVE-2021-31612 ZH Jieli Unspecified vulnerability in Zh-Jieli products

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.

6.1
2021-09-07 CVE-2021-31785 Actions Semi Improper Locking vulnerability in Actions-Semi products

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets.

6.1
2021-09-07 CVE-2021-31786 Actions Semi Improper Locking vulnerability in Actions-Semi products

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

6.1
2021-09-07 CVE-2021-34143 ZH Jieli Unspecified vulnerability in Zh-Jieli Fw-Ac63 BT SDK 1.0.0

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure.

6.1
2021-09-07 CVE-2021-34146 Cypress Unspecified vulnerability in Cypress Cyw20735B1 Firmware and Cyw920735Q60Evb-01 Firmware

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

6.1
2021-09-07 CVE-2021-34147 Cypress Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.

6.1
2021-09-07 CVE-2021-34148 Cypress Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

6.1
2021-09-07 CVE-2021-28155 JBL Unspecified vulnerability in JBL Tune500Bt Firmware

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data.

6.1
2021-09-06 CVE-2021-24599 WP Webhooks Cross-site Scripting vulnerability in Wp-Webhooks Email Encoder

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.

6.1
2021-09-09 CVE-2021-39203 Wordpress Unspecified vulnerability in Wordpress 5.8

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

6.0
2021-09-08 CVE-2021-1884 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved locking.

5.9
2021-09-06 CVE-2021-40528 Gnupg Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

5.9
2021-09-06 CVE-2021-40529 Botan Project
Fedoraproject
Mozilla
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

5.9
2021-09-06 CVE-2021-40530 Cryptopp
Fedoraproject
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

5.9
2021-09-12 CVE-2021-23435 Thoughtbot Open Redirect vulnerability in Thoughtbot Clearance

This affects the package clearance before 2.5.0.

5.8
2021-09-08 CVE-2021-32805 Flask Appbuilder Project Open Redirect vulnerability in Flask-Appbuilder Project Flask-Appbuilder

Flask-AppBuilder is an application development framework, built on top of Flask.

5.8
2021-09-08 CVE-2021-30710 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

5.8
2021-09-08 CVE-2021-30788 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

5.8
2021-09-08 CVE-2021-30800 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

5.8
2021-09-07 CVE-2021-39501 Eyoucms Open Redirect vulnerability in Eyoucms 1.5.4

EyouCMS 1.5.4 is vulnerable to Open Redirect.

5.8
2021-09-07 CVE-2021-35948 Owncloud Session Fixation vulnerability in Owncloud

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.

5.8
2021-09-10 CVE-2021-40347 Postorius Project Unspecified vulnerability in Postorius Project Postorius

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5.

5.5
2021-09-09 CVE-2021-34771 Cisco Information Exposure vulnerability in Cisco IOS XR

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow.

5.5
2021-09-08 CVE-2021-1815 Apple Path Traversal vulnerability in Apple products

A parsing issue in the handling of directory paths was addressed with improved path validation.

5.5
2021-09-08 CVE-2021-1832 Apple Incorrect Default Permissions vulnerability in Apple products

Copied files may not have the expected file permissions.

5.5
2021-09-08 CVE-2021-1836 Apple Improper Privilege Management vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

5.5
2021-09-08 CVE-2021-1852 Apple Out-of-bounds Read vulnerability in Apple Iphone OS

An out-of-bounds read was addressed with improved input validation.

5.5
2021-09-08 CVE-2021-30723 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed with improved state management.

5.5
2021-09-08 CVE-2021-30727 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2021-09-08 CVE-2021-30733 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2021-09-08 CVE-2021-30746 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2021-09-08 CVE-2021-30753 Apple Out-of-bounds Read vulnerability in Apple products

Processing a maliciously crafted font may result in the disclosure of process memory.

5.5
2021-09-07 CVE-2021-39257 Tuxera
Debian
Uncontrolled Recursion vulnerability in multiple products

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

5.5
2021-09-07 CVE-2021-37729 Arubanetworks
Siemens
Path Traversal vulnerability in multiple products

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25.

5.5
2021-09-07 CVE-2021-38615 Eigentech Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.

5.5
2021-09-09 CVE-2021-36870 Codecabin Cross-site Scripting vulnerability in Codecabin WP GO Maps

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12).

5.4
2021-09-09 CVE-2021-36871 Codecabin Cross-site Scripting vulnerability in Codecabin WP GO Maps

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11).

5.4
2021-09-08 CVE-2021-30720 Apple Improper Authentication vulnerability in Apple products

A logic issue was addressed with improved restrictions.

5.4
2021-09-08 CVE-2021-30786 Apple Race Condition vulnerability in Apple Iphone OS

A race condition was addressed with improved state handling.

5.1
2021-09-10 CVE-2021-37414 Zohocorp Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.

5.0
2021-09-10 CVE-2021-28813 Qnap Insecure Storage of Sensitive Information vulnerability in Qnap Qsw-M2116P-2T2S Firmware and Qunetswitch

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch.

5.0
2021-09-09 CVE-2021-39206 Envoyproxy
Pomerium
Incorrect Authorization vulnerability in multiple products

Pomerium is an open source identity-aware access proxy.

5.0
2021-09-09 CVE-2021-39162 Envoyproxy
Pomerium
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

Pomerium is an open source identity-aware access proxy.

5.0
2021-09-09 CVE-2021-39204 Envoyproxy
Pomerium
Excessive Iteration vulnerability in multiple products

Pomerium is an open source identity-aware access proxy.

5.0
2021-09-09 CVE-2021-25466 Samsung Improper Authentication vulnerability in Samsung Internet

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

5.0
2021-09-09 CVE-2021-38324 Smartypantsplugins SQL Injection vulnerability in Smartypantsplugins SP Rental Manager 1.5.3

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

5.0
2021-09-09 CVE-2021-28909 BAB Technologie Improper Restriction of Excessive Authentication Attempts vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack.

5.0
2021-09-09 CVE-2021-28910 BAB Technologie Server-Side Request Forgery (SSRF) vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability.

5.0
2021-09-09 CVE-2021-38725 Thedaylightstudio Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0

Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php

5.0
2021-09-09 CVE-2021-3761 Cloudflare
Debian
Out-of-bounds Write vulnerability in multiple products

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate.

5.0
2021-09-09 CVE-2021-1974 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.0
2021-09-08 CVE-2020-19137 Autumn Project Cleartext Storage of Sensitive Information vulnerability in Autumn Project Autumn

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

5.0
2021-09-08 CVE-2021-36215 Linecorp Unspecified vulnerability in Linecorp Line

LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.

5.0
2021-09-08 CVE-2021-33982 Myfwc Insufficient Session Expiration vulnerability in Myfwc Fish | Hunt FL

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

5.0
2021-09-08 CVE-2021-1784 Apple Unspecified vulnerability in Apple mac OS X and Macos

A permissions issue existed in DiskArbitration.

5.0
2021-09-08 CVE-2021-1808 Apple Out-of-bounds Read vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

5.0
2021-09-08 CVE-2021-1809 Apple Out-of-bounds Read vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

5.0
2021-09-08 CVE-2021-1849 Apple Improper Verification of Cryptographic Signature vulnerability in Apple products

An issue in code signature validation was addressed with improved checks.

5.0
2021-09-08 CVE-2021-30698 Apple NULL Pointer Dereference vulnerability in Apple products

A null pointer dereference was addressed with improved input validation.

5.0
2021-09-08 CVE-2021-30715 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.0
2021-09-08 CVE-2020-11301 Qualcomm Improper Authentication vulnerability in Qualcomm products

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.0
2021-09-08 CVE-2021-1914 Qualcomm Infinite Loop vulnerability in Qualcomm products

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2021-09-08 CVE-2020-29012 Fortinet Insufficient Session Expiration vulnerability in Fortinet Fortisandbox

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

5.0
2021-09-08 CVE-2021-39122 Atlassian Unspecified vulnerability in Atlassian products

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint.

5.0
2021-09-07 CVE-2020-19765 Proofofdiligencetoken Project Incorrect Authorization vulnerability in Proofofdiligencetoken Project Proofofdiligencetoken 1.0

An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.

5.0
2021-09-07 CVE-2020-19766 Tokenerc20 Project Improper Check for Unusual or Exceptional Conditions vulnerability in Tokenerc20 Project Tokenerc20 1.0

The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.

5.0
2021-09-07 CVE-2020-19767 Zeroxracer Project Unspecified vulnerability in Zeroxracer Project Zeroxracer 1.0

A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.

5.0
2021-09-07 CVE-2020-19768 Tokensale Project Insufficient Verification of Data Authenticity vulnerability in Tokensale Project Tokensale 1.0

A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.

5.0
2021-09-07 CVE-2020-19769 Rtb1 Project Insufficient Verification of Data Authenticity vulnerability in Rtb1 Project Rtb1 1.0

A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.

5.0
2021-09-07 CVE-2021-32766 Nextcloud Information Exposure Through an Error Message vulnerability in Nextcloud Server

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server.

5.0
2021-09-07 CVE-2021-37628 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Richdocuments

Nextcloud Richdocuments is an open source collaborative office suite.

5.0
2021-09-07 CVE-2021-37629 Nextcloud Allocation of Resources Without Limits or Throttling vulnerability in Nextcloud Richdocuments

Nextcloud Richdocuments is an open source collaborative office suite.

5.0
2021-09-07 CVE-2021-39500 Eyoucms Path Traversal vulnerability in Eyoucms 1.5.4

Eyoucms 1.5.4 is vulnerable to Directory Traversal.

5.0
2021-09-07 CVE-2020-19750 Gpac Out-of-bounds Read vulnerability in Gpac 0.8.0

An issue was discovered in gpac 0.8.0.

5.0
2021-09-07 CVE-2021-35947 Owncloud Information Exposure Through an Error Message vulnerability in Owncloud

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.

5.0
2021-09-07 CVE-2021-35949 Owncloud Incorrect Authorization vulnerability in Owncloud

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

5.0
2021-09-07 CVE-2020-19131 Simplesystems
Debian
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

5.0
2021-09-07 CVE-2020-7819 Ntracker SQL Injection vulnerability in Ntracker USB Enterprise

A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.

5.0
2021-09-07 CVE-2021-36717 Synerion Path Traversal vulnerability in Synerion Timenet 9.21

Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file.

5.0
2021-09-07 CVE-2021-33484 Onyaktech Comments PRO Project Use of Hard-coded Credentials vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8.

5.0
2021-09-06 CVE-2021-36093 Otrs Unspecified vulnerability in Otrs

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS.

5.0
2021-09-06 CVE-2021-36095 Otrs Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs

Malicious attacker is able to find out valid user logins by using the "lost password" feature.

5.0
2021-09-09 CVE-2021-25452 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

4.9
2021-09-09 CVE-2021-1935 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

4.9
2021-09-09 CVE-2021-30294 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

4.9
2021-09-09 CVE-2021-34786 Cisco Improper Authentication vulnerability in Cisco Broadworks Commpilot Application Software

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

4.9
2021-09-08 CVE-2021-1807 Apple Improper Input Validation vulnerability in Apple Iphone OS

A validation issue was addressed with improved input sanitization.

4.9
2021-09-08 CVE-2021-1824 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved entitlements.

4.9
2021-09-08 CVE-2021-1830 Apple Out-of-bounds Read vulnerability in Apple Ipados and Iphone OS

An out-of-bounds read was addressed with improved input validation.

4.9
2021-09-08 CVE-2021-1877 Apple Out-of-bounds Read vulnerability in Apple Ipados and Iphone OS

An out-of-bounds read was addressed with improved input validation.

4.9
2021-09-08 CVE-2021-30770 Apple Improper Authentication vulnerability in Apple Iphone OS

A logic issue was addressed with improved validation.

4.9
2021-09-07 CVE-2021-27022 Puppet Information Exposure Through Log Files vulnerability in Puppet and Puppet Enterprise

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.

4.9
2021-09-06 CVE-2021-25737 Kubernetes Open Redirect vulnerability in Kubernetes

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node.

4.9
2021-09-08 CVE-2021-30667 Apple Improper Authentication vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved validation.

4.8
2021-09-09 CVE-2021-25461 Google Out-of-bounds Write vulnerability in Google Android 8.1

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

4.6
2021-09-09 CVE-2021-28493 Arista Improper Authentication vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so.

4.6
2021-09-09 CVE-2021-28497 Arista Unspecified vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access.

4.6
2021-09-09 CVE-2021-1961 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2021-09-09 CVE-2021-1962 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

4.6
2021-09-09 CVE-2021-1963 Qualcomm Use After Free vulnerability in Qualcomm products

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2021-09-08 CVE-2021-30605 Google Improper Authentication vulnerability in Google Chrome OS Readiness Tool 1.0.0.0/1.0.1.0

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

4.6
2021-09-08 CVE-2021-36216 Linecorp Uncontrolled Search Path Element vulnerability in Linecorp Line

LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.

4.6
2021-09-08 CVE-2021-1839 Apple Improper Privilege Management vulnerability in Apple mac OS X and Macos

The issue was addressed with improved permissions logic.

4.6
2021-09-08 CVE-2021-1840 Apple Improper Input Validation vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved validation.

4.6
2021-09-08 CVE-2021-1853 Apple Improper Privilege Management vulnerability in Apple Macos

A logic issue was addressed with improved state management.

4.6
2021-09-08 CVE-2021-1868 Apple Improper Privilege Management vulnerability in Apple products

A logic issue was addressed with improved state management.

4.6
2021-09-08 CVE-2021-30677 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved environment sanitization.

4.6
2021-09-08 CVE-2021-30680 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

4.6
2021-09-08 CVE-2021-30688 Apple Unspecified vulnerability in Apple mac OS X and Macos

A malicious application may be able to break out of its sandbox.

4.6
2021-09-08 CVE-2021-30739 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A local attacker may be able to elevate their privileges.

4.6
2021-09-08 CVE-2021-30781 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

4.6
2021-09-08 CVE-2021-30784 Apple Unspecified vulnerability in Apple mac OS X and Macos

Multiple issues were addressed with improved logic.

4.6
2021-09-08 CVE-2021-1923 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT

4.6
2021-09-06 CVE-2021-36744 Trendmicro Link Following vulnerability in Trendmicro products

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

4.6
2021-09-09 CVE-2021-25465 Samsung Improper Input Validation vulnerability in Samsung Themes

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.

4.4
2021-09-09 CVE-2021-1958 Qualcomm Use After Free vulnerability in Qualcomm products

A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

4.4
2021-09-09 CVE-2021-30290 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

4.4
2021-09-10 CVE-2021-3646 Btcpayserver Cross-site Scripting vulnerability in Btcpayserver Btcpay Server

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3
2021-09-10 CVE-2021-38326 Wpleet Cross-site Scripting vulnerability in Wpleet Post Title Counter

The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.

4.3
2021-09-10 CVE-2021-38327 Ueberhamm Design Cross-site Scripting vulnerability in Ueberhamm-Design Youtube Video Inserter

The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0.

4.3
2021-09-10 CVE-2021-38328 Notices Project Cross-site Scripting vulnerability in Notices Project Notices 6.1

The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.

4.3
2021-09-10 CVE-2021-38329 DJ Emailpublish Project Cross-site Scripting vulnerability in DJ Emailpublish Project DJ Emailpublish 1.7.2

The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.

4.3
2021-09-10 CVE-2021-38330 Tromit Cross-site Scripting vulnerability in Tromit Yabp

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.

4.3
2021-09-10 CVE-2021-38331 WP T WAP Project Cross-site Scripting vulnerability in Wp-T-Wap Project Wp-T-Wap

The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.

4.3
2021-09-10 CVE-2021-38332 OPS Robots TXT Project Cross-site Scripting vulnerability in Ops-Robots-Txt Project Ops-Robots-Txt 1.0.1

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

4.3
2021-09-10 CVE-2021-38333 WP Scrippets Project Cross-site Scripting vulnerability in WP Scrippets Project WP Scrippets

The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.

4.3
2021-09-10 CVE-2021-38334 Amazingweb Cross-site Scripting vulnerability in Amazingweb Wp-Design-Maps-Places 1.2

The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.

4.3
2021-09-10 CVE-2021-38335 Wiseagent Cross-site Scripting vulnerability in Wiseagent Wise Agent Capture Forms

The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

4.3
2021-09-10 CVE-2021-38336 SW Guide Cross-site Scripting vulnerability in Sw-Guide Edit Comments XT

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

4.3
2021-09-10 CVE-2021-38337 Carrcommunications Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker Excel 1.1

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.

4.3
2021-09-10 CVE-2021-38338 Border Loading BAR Project Cross-site Scripting vulnerability in Border Loading BAR Project Border Loading BAR 1.0.1

The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

4.3
2021-09-10 CVE-2021-38339 Devondev Cross-site Scripting vulnerability in Devondev Simple Matted Thumbnails 1.01

The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.

4.3
2021-09-10 CVE-2021-38340 Wordpress Simple Shop Project Cross-site Scripting vulnerability in Wordpress Simple Shop Project Wordpress Simple Shop

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.

4.3
2021-09-10 CVE-2021-38341 Dreamfoxmedia Cross-site Scripting vulnerability in Dreamfoxmedia Woocommerce Payment Gateway PER Category 2.0.10

The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.

4.3
2021-09-10 CVE-2021-38347 Custom Website Data Project Cross-site Scripting vulnerability in Custom Website Data Project Custom Website Data 2.2

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.

4.3
2021-09-10 CVE-2021-38348 Advance Search Project Cross-site Scripting vulnerability in Advance Search Project Advance Search 1.1.2

The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2.

4.3
2021-09-10 CVE-2021-38349 Techastha Cross-site Scripting vulnerability in Techastha Integration of Moneybird for Woocommerce 2.1.1

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.

4.3
2021-09-10 CVE-2021-38350 Spideranalyse Project Cross-site Scripting vulnerability in Spideranalyse Project Spideranalyse

The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1.

4.3
2021-09-10 CVE-2021-38351 Outsidesource Cross-site Scripting vulnerability in Outsidesource OSD Subscribe 1.2.3

The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.

4.3
2021-09-10 CVE-2021-38352 Feedify Cross-site Scripting vulnerability in Feedify web Push Notifications 2.1.8

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.

4.3
2021-09-10 CVE-2021-38353 Webodid Cross-site Scripting vulnerability in Webodid Dropdown and Scrollable Text

The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.

4.3
2021-09-10 CVE-2021-38354 GNU Mailman Integration Project Cross-site Scripting vulnerability in Gnu-Mailman Integration Project Gnu-Mailman Integration 1.0.6

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.

4.3
2021-09-10 CVE-2021-38355 BUG Library Project Cross-site Scripting vulnerability in BUG Library Project BUG Library 2.0.3

The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.

4.3
2021-09-10 CVE-2021-38357 Elyazalee Cross-site Scripting vulnerability in Elyazalee Sms-Ovh 0.1

The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.

4.3
2021-09-10 CVE-2021-38358 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Moolamojo 0.7.4.1

The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.

4.3
2021-09-10 CVE-2021-38359 Invitebox Cross-site Scripting vulnerability in Invitebox 1.4.1

The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.

4.3
2021-09-10 CVE-2021-35976 Plesk Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467.

4.3
2021-09-10 CVE-2018-19957 Qnap Improper Restriction of Rendered UI Layers or Frames vulnerability in Qnap QTS

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud.

4.3
2021-09-09 CVE-2020-19282 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.

4.3
2021-09-09 CVE-2020-19283 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.

4.3
2021-09-09 CVE-2020-19295 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.

4.3
2021-09-09 CVE-2021-39200 Wordpress
Debian
Information Exposure vulnerability in multiple products

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

4.3
2021-09-09 CVE-2021-25451 Google Improper Authentication vulnerability in Google Android 10.0/11.0/9.0

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

4.3
2021-09-09 CVE-2021-25454 Google Out-of-bounds Read vulnerability in Google Android

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

4.3
2021-09-09 CVE-2021-25455 Google Out-of-bounds Read vulnerability in Google Android

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

4.3
2021-09-09 CVE-2021-25456 Google Out-of-bounds Read vulnerability in Google Android

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

4.3
2021-09-09 CVE-2021-28914 BAB Technologie Weak Password Requirements vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced.

4.3
2021-09-09 CVE-2021-38316 WP Academic People List Project Cross-site Scripting vulnerability in WP Academic People List Project WP Academic People List

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1.

4.3
2021-09-09 CVE-2021-38317 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Konnichiwa

The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.

4.3
2021-09-09 CVE-2021-38318 3D Cover Carousel Project Cross-site Scripting vulnerability in 3D Cover Carousel Project 3D Cover Carousel 1.0

The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

4.3
2021-09-09 CVE-2021-38319 Windyroad Cross-site Scripting vulnerability in Windyroad More From Google

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

4.3
2021-09-09 CVE-2021-38320 Simplesamlphp Authentication Project Cross-site Scripting vulnerability in Simplesamlphp Authentication Project Simplesamlphp Authentication 0.7.0

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0.

4.3
2021-09-09 CVE-2021-38321 Custom SUB Menus Project Cross-site Scripting vulnerability in Custom-Sub-Menus Project Custom-Sub-Menus 1.3.3

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3.

4.3
2021-09-09 CVE-2021-38322 Twitter Friends Widget Project Cross-site Scripting vulnerability in Twitter Friends Widget Project Twitter Friends Widget 3.1

The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1.

4.3
2021-09-09 CVE-2021-38323 30Lines Cross-site Scripting vulnerability in 30Lines Rentpress 6.6.4

The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4.

4.3
2021-09-09 CVE-2021-38325 User Activation Email Project Cross-site Scripting vulnerability in User-Activation-Email Project User-Activation-Email

The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0.

4.3
2021-09-09 CVE-2020-19264 Mipcms Cross-Site Request Forgery (CSRF) vulnerability in Mipcms 5.0.1

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

4.3
2021-09-09 CVE-2020-19265 Dswjcms Project Cross-site Scripting vulnerability in Dswjcms Project Dswjcms 1.6.4

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.

4.3
2021-09-09 CVE-2020-19266 Dswjcms Project Cross-site Scripting vulnerability in Dswjcms Project Dswjcms 1.6.4

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.

4.3
2021-09-09 CVE-2020-19143 Simplesystems
Debian
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

4.3
2021-09-09 CVE-2020-19144 Simplesystems
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.

4.3
2021-09-09 CVE-2020-19515 Qdpm Cross-site Scripting vulnerability in Qdpm 9.1

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.

4.3
2021-09-09 CVE-2021-38721 Thedaylightstudio Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability

4.3
2021-09-09 CVE-2021-32833 Emby Files or Directories Accessible to External Parties vulnerability in Emby Emby.Releases

Emby Server is a personal media server with apps on many devices.

4.3
2021-09-08 CVE-2021-28569 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

4.3
2021-09-08 CVE-2021-1810 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-1811 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-1820 Apple Improper Initialization vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

4.3
2021-09-08 CVE-2021-1825 Apple Cross-site Scripting vulnerability in Apple products

An input validation issue was addressed with improved input validation.

4.3
2021-09-08 CVE-2021-1826 Apple Cross-site Scripting vulnerability in Apple products

A logic issue was addressed with improved restrictions.

4.3
2021-09-08 CVE-2021-1831 Apple Incorrect Default Permissions vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved permissions logic.

4.3
2021-09-08 CVE-2021-1837 Apple Improper Certificate Validation vulnerability in Apple Ipados and Iphone OS

A certificate validation issue was addressed.

4.3
2021-09-08 CVE-2021-1846 Apple Out-of-bounds Read vulnerability in Apple products

Processing a maliciously crafted audio file may disclose restricted memory.

4.3
2021-09-08 CVE-2021-1854 Apple Incorrect Authorization vulnerability in Apple Ipados and Iphone OS

A call termination issue with was addressed with improved logic.

4.3
2021-09-08 CVE-2021-1857 Apple Improper Initialization vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

4.3
2021-09-08 CVE-2021-1861 Apple Unspecified vulnerability in Apple Macos

An issue existed in determining cache occupancy.

4.3
2021-09-08 CVE-2021-1865 Apple Cleartext Storage of Sensitive Information vulnerability in Apple Ipados and Iphone OS

An issue obscuring passwords in screenshots was addressed with improved logic.

4.3
2021-09-08 CVE-2021-1872 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-1873 Apple Unspecified vulnerability in Apple mac OS X and Macos

An API issue in Accessibility TCC permissions was addressed with improved state management.

4.3
2021-09-08 CVE-2021-1883 Apple Improper Validation of Integrity Check Value vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30657 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30658 Apple Download of Code Without Integrity Check vulnerability in Apple Macos

This issue was addressed with improved handling of file metadata.

4.3
2021-09-08 CVE-2021-30659 Apple Unspecified vulnerability in Apple products

A validation issue was addressed with improved logic.

4.3
2021-09-08 CVE-2021-30669 Apple Download of Code Without Integrity Check vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30671 Apple Improper Input Validation vulnerability in Apple mac OS X and Macos

A validation issue was addressed with improved logic.

4.3
2021-09-08 CVE-2021-30673 Apple Unspecified vulnerability in Apple mac OS X and Macos

An access issue was addressed with improved access restrictions.

4.3
2021-09-08 CVE-2021-30674 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30682 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

4.3
2021-09-08 CVE-2021-30685 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30686 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

4.3
2021-09-08 CVE-2021-30687 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

4.3
2021-09-08 CVE-2021-30689 Apple Cross-site Scripting vulnerability in Apple products

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30691 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30692 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30694 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30695 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

4.3
2021-09-08 CVE-2021-30696 Apple Unspecified vulnerability in Apple mac OS X and Macos

An attacker in a privileged network position may be able to misrepresent application state.

4.3
2021-09-08 CVE-2021-30700 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30705 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30706 Apple Out-of-bounds Read vulnerability in Apple products

Processing a maliciously crafted image may lead to disclosure of user information.

4.3
2021-09-08 CVE-2021-30709 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30716 Apple Unspecified vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30722 Apple Unspecified vulnerability in Apple mac OS X and Macos

An information disclosure issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30750 Apple Incorrect Default Permissions vulnerability in Apple Macos

The issue was addressed with improved permissions logic.

4.3
2021-09-08 CVE-2021-30751 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved data protection.

4.3
2021-09-08 CVE-2021-30755 Apple Out-of-bounds Read vulnerability in Apple Macos and Tvos

Processing a maliciously crafted font may result in the disclosure of process memory.

4.3
2021-09-08 CVE-2021-30757 Apple Unspecified vulnerability in Apple Imovie 6.0.3

This issue was addressed by enabling hardened runtime.

4.3
2021-09-08 CVE-2021-30763 Apple Improper Input Validation vulnerability in Apple Ipados and Iphone OS

An input validation issue was addressed with improved input validation.

4.3
2021-09-08 CVE-2021-30768 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

4.3
2021-09-08 CVE-2021-30769 Apple Improper Authentication vulnerability in Apple Iphone OS

A logic issue was addressed with improved state management.

4.3
2021-09-08 CVE-2021-30773 Apple Unspecified vulnerability in Apple Iphone OS

An issue in code signature validation was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30776 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

4.3
2021-09-08 CVE-2021-30778 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved entitlements.

4.3
2021-09-08 CVE-2021-30782 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved checks.

4.3
2021-09-08 CVE-2021-30791 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

4.3
2021-09-08 CVE-2021-30796 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved validation.

4.3
2021-09-08 CVE-2021-30803 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with improved validation.

4.3
2021-09-08 CVE-2021-30804 Apple Unspecified vulnerability in Apple Iphone OS

A permissions issue was addressed with improved validation.

4.3
2021-09-08 CVE-2020-19855 Phpwcms Cross-site Scripting vulnerability in PHPwcms 1.9.0

phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.

4.3
2021-09-08 CVE-2021-39116 Atlassian Unspecified vulnerability in Atlassian Jira Data Center

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component.

4.3
2021-09-07 CVE-2021-38704 Cliniccases Cross-site Scripting vulnerability in Cliniccases 7.3.3

Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL.

4.3
2021-09-07 CVE-2021-39499 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.5.4

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

4.3
2021-09-07 CVE-2021-39199 Remark Cross-site Scripting vulnerability in Remark Remark-Html

remark-html is an open source nodejs library which compiles Markdown to HTML.

4.3
2021-09-07 CVE-2021-33599 F Secure Infinite Loop vulnerability in F-Secure products

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner).

4.3
2021-09-07 CVE-2021-39285 Versa Networks Cross-site Scripting vulnerability in Versa-Networks Versa Director 16.1R2

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8.

4.3
2021-09-07 CVE-2021-39278 Moxa Cross-site Scripting vulnerability in Moxa products

Certain MOXA devices allow reflected XSS via the Config Import menu.

4.3
2021-09-06 CVE-2021-24435 Gambit Cross-site Scripting vulnerability in Gambit Titan Framework

The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues

4.3
2021-09-06 CVE-2021-24588 Cozyvision Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications

The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page.

4.3
2021-09-09 CVE-2021-22239 Gitlab Incorrect Authorization vulnerability in Gitlab

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.

4.0
2021-09-09 CVE-2021-39458 Redaxo Information Exposure Through an Error Message vulnerability in Redaxo 5.12.1

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup.

4.0
2021-09-08 CVE-2021-40797 Openstack Missing Release of Resource after Effective Lifetime vulnerability in Openstack Neutron

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.

4.0
2021-09-08 CVE-2021-40537 Owncloud Server-Side Request Forgery (SSRF) vulnerability in Owncloud User Ldap

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app.

4.0
2021-09-08 CVE-2021-33981 Myfwc Authorization Bypass Through User-Controlled Key vulnerability in Myfwc Fish | Hunt FL

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.

4.0
2021-09-08 CVE-2021-3049 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 5.5.0/6.1.0

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.

4.0
2021-09-08 CVE-2020-27940 Apple Unspecified vulnerability in Apple TV

This issue was addressed with improved file handling.

4.0
2021-09-08 CVE-2021-1878 Apple Integer Overflow or Wraparound vulnerability in Apple mac OS X and Macos

An integer overflow was addressed with improved input validation.

4.0
2021-09-08 CVE-2021-30714 Apple Race Condition vulnerability in Apple Ipados and Iphone OS

A race condition was addressed with improved state handling.

4.0
2021-09-08 CVE-2021-30718 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

4.0
2021-09-08 CVE-2021-30721 Apple Unspecified vulnerability in Apple mac OS X and Macos

A path handling issue was addressed with improved validation.

4.0
2021-09-08 CVE-2021-39121 Atlassian Unspecified vulnerability in Atlassian products

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint.

4.0
2021-09-07 CVE-2021-37630 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem.

4.0
2021-09-07 CVE-2021-37631 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.

4.0
2021-09-07 CVE-2021-39194 Kaml Project Infinite Loop vulnerability in Kaml Project Kaml

kaml is an open source implementation of the YAML format with support for kotlinx.serialization.

4.0
2021-09-07 CVE-2021-39195 Misskey Server-Side Request Forgery (SSRF) vulnerability in Misskey

Misskey is an open source, decentralized microblogging platform.

4.0
2021-09-07 CVE-2021-37733 Arubanetworks
Siemens
Path Traversal vulnerability in multiple products

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16.

4.0
2021-09-07 CVE-2021-38698 Hashicorp Missing Authorization vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

4.0
2021-09-07 CVE-2021-33831 TH Wildau Allocation of Resources Without Limits or Throttling vulnerability in Th-Wildau Covid-19 Contact Tracing 20210901

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control.

4.0
2021-09-06 CVE-2020-15939 Fortinet Unspecified vulnerability in Fortinet Fortisandbox

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.

4.0
2021-09-06 CVE-2021-36096 Otrs Cleartext Storage of Sensitive Information vulnerability in Otrs

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.

4.0

81 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-09-08 CVE-2021-1928 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

3.6
2021-09-08 CVE-2021-1930 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

3.6
2021-09-09 CVE-2020-19281 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.

3.5
2021-09-09 CVE-2020-19284 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.

3.5
2021-09-09 CVE-2020-19285 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.

3.5
2021-09-09 CVE-2020-19286 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.

3.5
2021-09-09 CVE-2020-19287 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.

3.5
2021-09-09 CVE-2020-19288 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.

3.5
2021-09-09 CVE-2020-19289 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.

3.5
2021-09-09 CVE-2020-19290 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.

3.5
2021-09-09 CVE-2020-19291 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.

3.5
2021-09-09 CVE-2020-19292 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.

3.5
2021-09-09 CVE-2020-19293 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.

3.5
2021-09-09 CVE-2020-19294 Jeesns Cross-site Scripting vulnerability in Jeesns 1.4.2

A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.

3.5
2021-09-09 CVE-2021-39201 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

3.5
2021-09-09 CVE-2021-39202 Wordpress Cross-site Scripting vulnerability in Wordpress 5.8

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

3.5
2021-09-09 CVE-2020-19268 Dswjcms Project Cross-Site Request Forgery (CSRF) vulnerability in Dswjcms Project Dswjcms 1.6.4

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.

3.5
2021-09-09 CVE-2021-40223 Rittal Cross-site Scripting vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704

Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog).

3.5
2021-09-08 CVE-2021-31274 Librenms Cross-site Scripting vulnerability in Librenms

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable.

3.5
2021-09-08 CVE-2021-3052 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.

3.5
2021-09-08 CVE-2021-36695 Deskpro Cross-site Scripting vulnerability in Deskpro 2021.1.6

Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation.

3.5
2021-09-08 CVE-2021-40377 Smartertools Cross-site Scripting vulnerability in Smartertools Smartermail

SmarterTools SmarterMail 16.x before build 7866 has stored XSS.

3.5
2021-09-07 CVE-2021-32782 Nextcloud Cross-site Scripting vulnerability in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem.

3.5
2021-09-07 CVE-2021-38707 Cliniccases Cross-site Scripting vulnerability in Cliniccases 7.3.3

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters.

3.5
2021-09-07 CVE-2021-39496 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.5.4

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

3.5
2021-09-07 CVE-2021-36696 Deskpro Cross-site Scripting vulnerability in Deskpro 2021.1.6

Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation.

3.5
2021-09-07 CVE-2021-33483 Onyaktech Comments PRO Project Cross-site Scripting vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8.

3.5
2021-09-06 CVE-2021-36094 Otrs Cross-site Scripting vulnerability in Otrs

It's possible to craft a request for appointment edit screen, which could lead to the XSS attack.

3.5
2021-09-06 CVE-2021-3767 Bookstackapp Cross-site Scripting vulnerability in Bookstackapp Bookstack

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2021-09-06 CVE-2021-3768 Bookstackapp Cross-site Scripting vulnerability in Bookstackapp Bookstack

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5
2021-09-06 CVE-2021-24513 WEB Settler Cross-site Scripting vulnerability in Web-Settler Form Builder

The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

3.5
2021-09-06 CVE-2021-24517 Trumani Cross-site Scripting vulnerability in Trumani Stop Spammers

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed

3.5
2021-09-06 CVE-2021-24568 Addtoany Cross-site Scripting vulnerability in Addtoany Share Buttons

The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2021-09-06 CVE-2021-24590 Gdprinfo Cross-site Scripting vulnerability in Gdprinfo Cookie Notice & Consent Banner for Gdpr & Ccpa Compliance

The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.

3.5
2021-09-06 CVE-2021-24591 Dna88 Cross-site Scripting vulnerability in Dna88 Highlight 0.9.1/0.9.2

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2021-09-06 CVE-2021-24601 Wpfront Cross-site Scripting vulnerability in Wpfront Notification BAR

The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2021-09-06 CVE-2021-24603 Geminilabs Cross-site Scripting vulnerability in Geminilabs Site Reviews

The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed

3.5
2021-09-06 CVE-2021-24611 Keyword Meta Project Cross-site Scripting vulnerability in Keyword Meta Project Keyword Meta 3.0

The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues.

3.5
2021-09-10 CVE-2021-33011 Jtekt Allocation of Resources Without Limits or Throttling vulnerability in Jtekt products

All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.

3.3
2021-09-09 CVE-2021-25450 Google Path Traversal vulnerability in Google Android

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

3.3
2021-09-09 CVE-2021-25463 Samsung Unspecified vulnerability in Samsung Penup

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

3.3
2021-09-09 CVE-2021-1956 Qualcomm Unspecified vulnerability in Qualcomm products

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

3.3
2021-09-09 CVE-2021-1957 Qualcomm Unspecified vulnerability in Qualcomm products

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

3.3
2021-09-09 CVE-2021-1960 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

3.3
2021-09-07 CVE-2021-31609 Silabs Unspecified vulnerability in Silabs Iwrap 5.8/6.3.0

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.

3.3
2021-09-07 CVE-2021-31611 ZH Jieli Improper Locking vulnerability in Zh-Jieli products

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet.

3.3
2021-09-07 CVE-2021-34149 TI Unspecified vulnerability in TI Cc256Xcqfn-Em Firmware

The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

3.3
2021-09-07 CVE-2021-28135 Espressif Unspecified vulnerability in Espressif Esp-Idf

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.

3.3
2021-09-07 CVE-2021-28136 Espressif Out-of-bounds Write vulnerability in Espressif Esp-Idf

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

3.3
2021-09-07 CVE-2021-31613 ZH Jieli Unspecified vulnerability in Zh-Jieli products

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.

3.3
2021-09-07 CVE-2021-34144 ZH Jieli Unspecified vulnerability in Zh-Jieli Fw-Ac63 BT SDK

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet.

3.3
2021-09-07 CVE-2021-34150 Bluetrum Unspecified vulnerability in Bluetrum Ab5301A Firmware

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet.

3.3
2021-09-07 CVE-2021-34145 Cypress Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

2.9
2021-09-08 CVE-2021-28566 Magento Unspecified vulnerability in Magento

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image.

2.7
2021-09-09 CVE-2021-25453 Google Unspecified vulnerability in Google Android

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

2.1
2021-09-09 CVE-2021-25457 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.

2.1
2021-09-09 CVE-2021-25458 Google NULL Pointer Dereference vulnerability in Google Android

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

2.1
2021-09-09 CVE-2021-25459 Google Unspecified vulnerability in Google Android 10.0/11.0

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

2.1
2021-09-09 CVE-2021-25460 Google Unspecified vulnerability in Google Android 10.0/11.0

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

2.1
2021-09-09 CVE-2021-25462 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/9.0

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

2.1
2021-09-09 CVE-2021-25464 Samsung Unspecified vulnerability in Samsung Capture

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.

2.1
2021-09-09 CVE-2021-28499 Arista Insufficiently Protected Credentials vulnerability in Arista Metamako Operating System

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password.

2.1
2021-09-08 CVE-2021-1739 Apple Path Traversal vulnerability in Apple products

A parsing issue in the handling of directory paths was addressed with improved path validation.

2.1
2021-09-08 CVE-2021-1740 Apple Path Traversal vulnerability in Apple products

A parsing issue in the handling of directory paths was addressed with improved path validation.

2.1
2021-09-08 CVE-2021-1822 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

2.1
2021-09-08 CVE-2021-1835 Apple Missing Authorization vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

2.1
2021-09-08 CVE-2021-1848 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved UI handling.

2.1
2021-09-08 CVE-2021-1862 Apple Improper Authentication vulnerability in Apple Iphone OS

Description: A person with physical access may be able to access contacts.

2.1
2021-09-08 CVE-2021-1863 Apple Improper Authentication vulnerability in Apple Ipados and Iphone OS

An issue existed with authenticating the action triggered by an NFC tag.

2.1
2021-09-08 CVE-2021-30654 Apple Unspecified vulnerability in Apple Garageband

This issue was addressed by removing additional entitlements.

2.1
2021-09-08 CVE-2021-30668 Apple Improper Authentication vulnerability in Apple Macos

This issue was addressed with improved checks.

2.1
2021-09-08 CVE-2021-30697 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

2.1
2021-09-08 CVE-2021-30699 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A window management issue was addressed with improved state management.

2.1
2021-09-08 CVE-2021-30702 Apple Improper Authentication vulnerability in Apple mac OS X and Macos

A logic issue was addressed with improved state management.

2.1
2021-09-08 CVE-2021-30738 Apple Unspecified vulnerability in Apple mac OS X and Macos

A malicious application may be able to overwrite arbitrary files.

2.1
2021-09-08 CVE-2021-30756 Apple Information Exposure vulnerability in Apple Iphone OS

A local attacker may be able to view Now Playing information from the lock screen.

2.1
2021-09-08 CVE-2021-30783 Apple Unspecified vulnerability in Apple mac OS X and Macos

An access issue was addressed with improved access restrictions.

2.1
2021-09-08 CVE-2021-1904 Qualcomm Incorrect Comparison vulnerability in Qualcomm products

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

2.1
2021-09-08 CVE-2021-1929 Qualcomm Unspecified vulnerability in Qualcomm products

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

2.1
2021-09-07 CVE-2021-32801 Nextcloud Information Exposure Through Log Files vulnerability in Nextcloud Server

Nextcloud server is an open source, self hosted personal cloud.

2.1
2021-09-08 CVE-2021-30731 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

1.9