Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20333 | 1 Mongodb | 1 Mongodb | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21; MongoDB Server v4.2 versions prior to 4.2.10; | |||||
| CVE-2021-34259 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||||
| CVE-2021-34261 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. | |||||
| CVE-2021-34262 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||||
| CVE-2020-18013 | 1 Whatsns | 1 Whatsns | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. | |||||
| CVE-2020-22765 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | |||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | |||||
| CVE-2020-18430 | 1 Tinyexr Project | 1 Tinyexr | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). | |||||
| CVE-2021-34267 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. | |||||
| CVE-2021-25791 | 1 Online Doctor Appointment System Php Full Source Code Project | 1 Online Doctor Appointment System Php Full Source Code | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. | |||||
| CVE-2021-25318 | 1 Rancher | 1 Rancher | 2021-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. | |||||
| CVE-2021-1614 | 1 Cisco | 1 Sd-wan | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-29767 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681. | |||||
| CVE-2021-34431 | 1 Eclipse | 1 Mosquitto | 2021-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. | |||||
| CVE-2021-29769 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769. | |||||
| CVE-2021-34690 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980. | |||||
| CVE-2020-12731 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | |||||
| CVE-2020-12729 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | |||||
| CVE-2021-29770 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771. | |||||