Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32759 | 1 Openmage | 1 Magento | 2021-09-01 | 6.5 MEDIUM | 7.2 HIGH |
| OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue. | |||||
| CVE-2016-4825 | 1 Collne | 1 Welcart E-commerce | 2021-08-31 | 6.8 MEDIUM | 5.6 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | |||||
| CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 2.7 LOW |
| Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | |||||
| CVE-2021-37692 | 1 Google | 1 Tensorflow | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until `NewTensor` returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. | |||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2021-22357 | 1 Huawei | 8 S12700, S12700 Firmware, S5700 and 5 more | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500. | |||||
| CVE-2021-36007 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-08-30 | 6.8 MEDIUM | 3.3 LOW |
| Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-8571 | 1 Microsoft | 1 Outlook | 2021-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | |||||
| CVE-2020-7823 | 1 Hmtalk | 1 Daviewindy | 2021-08-27 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-35684 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). | |||||
| CVE-2021-31401 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. | |||||
| CVE-2016-2165 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2021-08-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response. | |||||
| CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
| iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||||
| CVE-2021-36014 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-08-25 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-37586 | 1 Mitel | 1 Interaction Recording | 2021-08-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. | |||||
| CVE-2021-0419 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713. | |||||
| CVE-2021-0418 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706. | |||||
| CVE-2021-0416 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700. | |||||
| CVE-2021-36982 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2021-08-24 | 9.3 HIGH | 8.1 HIGH |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request. | |||||