Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38589 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 5.5 MEDIUM | 8.1 HIGH |
| In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | |||||
| CVE-2021-38365 | 1 Tonewinner | 2 Winner Desktop Speakers, Winner Desktop Speakers Firmware | 2021-08-20 | 4.3 MEDIUM | 3.7 LOW |
| Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | |||||
| CVE-2021-38549 | 1 Benda | 2 Miracase Hmub500, Miracase Hmub500 Firmware | 2021-08-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. | |||||
| CVE-2021-37222 | 1 Rcdcap Project | 1 Rcdcap | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | |||||
| CVE-2021-38586 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 2.1 LOW | 4.4 MEDIUM |
| In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). | |||||
| CVE-2021-36932 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36933. | |||||
| CVE-2021-36933 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36932. | |||||
| CVE-2021-36936 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36947, CVE-2021-36958. | |||||
| CVE-2021-36937 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | |||||
| CVE-2021-36938 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-20 | 2.1 LOW | 5.5 MEDIUM |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | |||||
| CVE-2021-36941 | 1 Microsoft | 2 365 Apps, Office | 2021-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-36940 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2021-08-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-36947 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36958. | |||||
| CVE-2021-36926 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36932, CVE-2021-36933. | |||||
| CVE-2021-37696 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2021-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command. | |||||
| CVE-2021-37697 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2021-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog. | |||||
| CVE-2021-36792 | 1 Dated News Project | 1 Dated News | 2021-08-20 | 6.4 MEDIUM | 7.2 HIGH |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. | |||||
| CVE-2021-26424 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 6.8 MEDIUM | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-38188 | 1 Iced-x86 Project | 1 Iced-x86 | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely. | |||||
| CVE-2021-38591 | 1 Google | 1 Android | 2021-08-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021). | |||||