Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20752 | 1 Ikalka Rss Reader Project | 1 Ikalka Rss Reader | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2020-9158 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. | |||||
| CVE-2021-22343 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-22344 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. | |||||
| CVE-2018-25017 | 1 Rawspeed | 1 Rawspeed | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. | |||||
| CVE-2021-28583 | 1 Magento | 1 Magento | 2021-07-06 | 4.3 MEDIUM | 4.2 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources. | |||||
| CVE-2021-22352 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. | |||||
| CVE-2021-22345 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. | |||||
| CVE-2021-22348 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. | |||||
| CVE-2021-22350 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. | |||||
| CVE-2021-22349 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. | |||||
| CVE-2021-23400 | 1 Nodemailer | 1 Nodemailer | 2021-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | |||||
| CVE-2021-32735 | 1 Getkirby | 1 Kirby | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form. | |||||
| CVE-2021-32639 | 1 Nsa | 1 Emissary | 2021-07-06 | 6.5 MEDIUM | 9.9 CRITICAL |
| Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. | |||||
| CVE-2021-23402 | 1 Record-like-deep-assign Project | 1 Record-like-deep-assign | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | |||||
| CVE-2019-14322 | 2 Microsoft, Palletsprojects | 2 Windows, Werkzeug | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | |||||
| CVE-2021-27950 | 1 Sitasoftware | 1 Azurcms | 2021-07-06 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. | |||||
| CVE-2021-27660 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2021-07-06 | 6.5 MEDIUM | 8.8 HIGH |
| An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. | |||||
| CVE-2021-22346 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | |||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2021-07-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | |||||
| CVE-2021-22353 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. | |||||
| CVE-2021-22368 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | |||||
| CVE-2021-23403 | 1 Ts-nodash Project | 1 Ts-nodash | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of input validation. | |||||
| CVE-2021-28802 | 1 Qnap | 2 Qts, Quts Hero | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | |||||
| CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | |||||
| CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | |||||
| CVE-2021-31874 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-07-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | |||||
| CVE-2021-35971 | 1 Veeam | 1 Veeam Backup & Replication | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | |||||
| CVE-2021-21673 | 1 Jenkins | 1 Cas | 2021-07-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2021-22374 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. | |||||
| CVE-2018-17189 | 7 Apache, Canonical, Debian and 4 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | |||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2021-07-06 | 5.0 MEDIUM | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
| CVE-2021-22373 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-22371 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-25951 | 1 Xml2dict Project | 1 Xml2dict | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. | |||||
| CVE-2020-36386 | 1 Linux | 1 Linux Kernel | 2021-07-06 | 5.6 MEDIUM | 7.1 HIGH |
| An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | |||||
| CVE-2021-34385 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. | |||||
| CVE-2021-34384 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. | |||||
| CVE-2021-34383 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. | |||||
| CVE-2021-34382 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow, allowing writes to arbitrary addresses within the kernel. | |||||
| CVE-2021-34381 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering. | |||||
| CVE-2021-34380 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot. | |||||
| CVE-2021-22372 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-34379 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption. | |||||
| CVE-2021-22375 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. | |||||
| CVE-2021-34378 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges. | |||||
| CVE-2021-34377 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service. | |||||
| CVE-2021-34376 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2021-34375 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2021-34374 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-07-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service. | |||||
