Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24827 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24826 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24821 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24822 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24823 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24824 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). | |||||
| CVE-2021-35450 | 1 Entando | 1 Admin Console | 2021-08-10 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute | |||||
| CVE-2021-22552 | 1 Google | 1 Asylo | 2021-08-10 | 2.1 LOW | 5.5 MEDIUM |
| An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a | |||||
| CVE-2021-37166 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.8 HIGH | 7.5 HIGH |
| A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker. | |||||
| CVE-2021-37167 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device. | |||||
| CVE-2020-24825 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2021-29696 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 9.0 HIGH | 7.2 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||||
| CVE-2021-29697 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | |||||
| CVE-2021-37164 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow. | |||||
| CVE-2021-37162 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution. | |||||
| CVE-2021-37163 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. | |||||
| CVE-2021-37161 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution. | |||||
| CVE-2021-24468 | 1 Bozdoz | 1 Leaflet Map | 2021-08-10 | 3.5 LOW | 5.4 MEDIUM |
| The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues | |||||
| CVE-2021-37840 | 1 Aapanel | 1 Aapanel | 2021-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). | |||||
| CVE-2021-37606 | 1 Meow Hash Project | 1 Meow Hash | 2021-08-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences. | |||||