Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18464 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | |||||
| CVE-2021-29295 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A null pointer dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of service via usr/bin/lighttpd. It could be triggered by sending an HTTP request without a URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions are considered End of Life and as such this issue will not be patched. | |||||
| CVE-2020-25082 | 1 Nuvoton | 2 Npct75x, Npct75x Firmware | 2021-08-17 | 1.9 LOW | 3.8 LOW |
| An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. | |||||
| CVE-2018-11849 | 1 Qualcomm | 86 Ipq8074, Ipq8074 Firmware, Mdm9206 and 83 more | 2021-08-17 | 7.2 HIGH | 7.8 HIGH |
| Lack of an out-of-range check on the bssid parameter when processing the scan start command will lead to a buffer overflow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 | |||||
| CVE-2021-20068 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. | |||||
| CVE-2021-20069 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. | |||||
| CVE-2021-20070 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs. | |||||
| CVE-2021-20071 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs. | |||||
| CVE-2021-20073 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | |||||
| CVE-2021-20074 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 9.0 HIGH | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | |||||
| CVE-2021-20075 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 7.2 HIGH | 7.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | |||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | |||||
| CVE-2021-32798 | 1 Jupyter | 1 Notebook | 2021-08-17 | 6.8 MEDIUM | 9.6 CRITICAL |
| The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim's computer using Jupyter APIs. | |||||
| CVE-2020-36436 | 1 Unicycle Project | 1 Unicycle | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits. | |||||
| CVE-2020-36437 | 1 Conqueue Project | 1 Conqueue | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>. | |||||
| CVE-2021-24502 | 1 Flippercode | 1 Wp Google Map | 2021-08-17 | 3.5 LOW | 4.8 MEDIUM |
| The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting it in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24505 | 1 Madeit | 1 Forms | 2021-08-17 | 3.5 LOW | 5.4 MEDIUM |
| The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field. | |||||
| CVE-2021-37633 | 1 Discourse | 1 Discourse | 2021-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | |||||
| CVE-2020-36440 | 1 Libsbc Project | 1 Libsbc | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read. | |||||
| CVE-2021-24507 | 1 Brainstormforce | 1 Astra | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions (available to both unauthenticated and authenticated users) before using them in a SQL statement, leading to an SQL Injection issue. | |||||
