Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22357 | 1 Huawei | 8 S12700, S12700 Firmware, S5700 and 5 more | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500. | |||||
| CVE-2017-8571 | 1 Microsoft | 1 Outlook | 2021-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | |||||
| CVE-2020-35684 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). | |||||
| CVE-2021-31401 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. | |||||
| CVE-2016-2165 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2021-08-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response. | |||||
| CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
| iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||||
| CVE-2021-37586 | 1 Mitel | 1 Interaction Recording | 2021-08-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. | |||||
| CVE-2021-0419 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713. | |||||
| CVE-2021-0418 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706. | |||||
| CVE-2021-0416 | 1 Google | 1 Android | 2021-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700. | |||||
| CVE-2021-36982 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2021-08-24 | 9.3 HIGH | 8.1 HIGH |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request. | |||||
| CVE-2021-20775 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege. | |||||
| CVE-2021-20764 | 1 Cybozu | 1 Garoon | 2021-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files. | |||||
| CVE-2021-20762 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege. | |||||
| CVE-2021-20760 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege. | |||||
| CVE-2021-20761 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 2.7 LOW |
| Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege. | |||||
| CVE-2021-20754 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege. | |||||
| CVE-2021-33199 | 1 Expressionengine | 1 Expressionengine | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | |||||
| CVE-2021-0083 | 1 Intel | 192 Optane Persistent Memory Firmware, Xeon Bronze 3204, Xeon Bronze 3206r and 189 more | 2021-08-20 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-3048 | 1 Paloaltonetworks | 1 Pan-os | 2021-08-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted. | |||||