Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38614 | 1 Polipo Project | 1 Polipo | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-38597 | 1 Wolfssl | 1 Wolfssl | 2021-08-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | |||||
| CVE-2021-34483 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2021-34471 | 1 Microsoft | 1 Malware Protection Engine | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2021-26432 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||
| CVE-2020-24741 | | | 2021-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-36785 | 1 Miniorange | 1 Saml | 2021-08-20 | 3.5 LOW | 5.4 MEDIUM |
| The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. | |||||
| CVE-2021-38585 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | |||||
| CVE-2021-38584 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | |||||
| CVE-2021-38589 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 5.5 MEDIUM | 8.1 HIGH |
| In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | |||||
| CVE-2021-38588 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.8 MEDIUM | 8.1 HIGH |
| In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | |||||
| CVE-2021-38365 | 1 Tonewinner | 2 Winner Desktop Speakers, Winner Desktop Speakers Firmware | 2021-08-20 | 4.3 MEDIUM | 3.7 LOW |
| Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | |||||
| CVE-2021-35955 | 1 Contao | 1 Contao | 2021-08-20 | 3.5 LOW | 4.8 MEDIUM |
| Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7. | |||||
| CVE-2020-20975 | 1 Gxlcms | 1 Gxlcms | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. | |||||
| CVE-2020-28165 | 1 Easycorp | 1 Zentao | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function. | |||||
| CVE-2021-38549 | 1 Benda | 2 Miracase Hmub500, Miracase Hmub500 Firmware | 2021-08-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line; as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. | |||||
| CVE-2021-37178 | 1 Siemens | 2 Solid Edge Se2021, Solid Edge Se2021 Firmware | 2021-08-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted XML file. | |||||
| CVE-2021-37222 | 1 Rcdcap Project | 1 Rcdcap | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | |||||
| CVE-2021-36950 | 1 Microsoft | 1 Dynamics 365 | 2021-08-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2021-36927 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | |||||
