Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37627 | 1 Contao | 1 Contao | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users are advised to update to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround users may disable the form generator or disable the login for untrusted back end users. | |||||
| CVE-2021-37696 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2021-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround users may unload the MassDM cog or globally disable the `[p]massdm` command. | |||||
| CVE-2021-37697 | 1 Tmerc-cogs Project | 1 Tmerc-cogs | 2021-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog. | |||||
| CVE-2021-36790 | 1 Dated News Project | 1 Dated News | 2021-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. | |||||
| CVE-2021-36792 | 1 Dated News Project | 1 Dated News | 2021-08-20 | 6.4 MEDIUM | 7.2 HIGH |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. | |||||
| CVE-2021-38373 | 1 Kde | 1 Kmail | 2021-08-20 | 3.5 LOW | 5.3 MEDIUM |
| In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | |||||
| CVE-2021-38371 | 1 Exim | 1 Exim | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||||
| CVE-2021-38372 | 1 Kde | 1 Trojita | 2021-08-20 | 4.3 MEDIUM | 3.7 LOW |
| In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. | |||||
| CVE-2021-0160 | 1 Intel | 6 Avermedia Capture Card, Nuc Pro Chassis Element Cmcm2fb, Nuc Pro Chassis Element Cmcm2fbav and 3 more | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0083 | 1 Intel | 192 Optane Persistent Memory Firmware, Xeon Bronze 3204, Xeon Bronze 3206r and 189 more | 2021-08-20 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24576 | 1 Netskope | 1 Netskope | 2021-08-20 | 9.0 HIGH | 8.8 HIGH |
| Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2021-37623 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2021-08-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5. | |||||
| CVE-2021-26424 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 6.8 MEDIUM | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-38188 | 1 Iced-x86 Project | 1 Iced-x86 | 2021-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely. | |||||
| CVE-2021-38382 | 1 Live555 | 1 Live555 | 2021-08-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | |||||
| CVE-2021-38381 | 1 Live555 | 1 Live555 | 2021-08-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | |||||
| CVE-2021-38380 | 1 Live555 | 1 Live555 | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack. | |||||
| CVE-2021-38592 | 1 Wasm3 Project | 1 Wasm3 | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). | |||||
| CVE-2021-37699 | 1 Vercel | 1 Next.js | 2021-08-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0. | |||||
| CVE-2021-38591 | 1 Google | 1 Android | 2021-08-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021). | |||||
