Total
433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29963 | 1 Mozilla | 1 Firefox | 2024-08-03 | 4.3 Medium |
| Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | ||||
| CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2024-08-03 | 9.8 Critical |
| Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | ||||
| CVE-2021-29462 | 1 Pupnp Project | 1 Pupnp | 2024-08-03 | 7.6 High |
| The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. | ||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-08-03 | 7.8 High |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | ||||
| CVE-2021-28678 | 3 Fedoraproject, Python, Redhat | 3 Fedora, Pillow, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. | ||||
| CVE-2021-28091 | 4 Debian, Entrouvert, Fedoraproject and 1 more | 4 Debian Linux, Lasso, Fedora and 1 more | 2024-08-03 | 7.5 High |
| Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | ||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-08-03 | 8.8 High |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | ||||
| CVE-2021-26608 | 2 Handysoft, Microsoft | 2 Hshell, Windows | 2024-08-03 | 8.8 High |
| An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | ||||
| CVE-2021-26610 | 2 Microsoft, Nhn-commerce | 2 Windows, Godomall5 | 2024-08-03 | 7.2 High |
| The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | ||||
| CVE-2021-26396 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2024-08-03 | 4.4 Medium |
| Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | ||||
| CVE-2021-24825 | 1 Custom Content Shortcode Project | 1 Custom Content Shortcode | 2024-08-03 | 4.3 Medium |
| The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed) | ||||
| CVE-2021-23998 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-08-03 | 6.5 Medium |
| Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | ||||
| CVE-2021-22947 | 9 Apple, Debian, Fedoraproject and 6 more | 37 Macos, Debian Linux, Fedora and 34 more | 2024-08-03 | 5.9 Medium |
| When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. | ||||
| CVE-2021-22460 | 1 Huawei | 1 Harmonyos | 2024-08-03 | 5.5 Medium |
| A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. | ||||
| CVE-2021-22419 | 1 Huawei | 1 Harmonyos | 2024-08-03 | 5.5 Medium |
| A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. | ||||
| CVE-2021-22339 | 1 Huawei | 1 Manageone | 2024-08-03 | 6.5 Medium |
| There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. | ||||
| CVE-2024-7256 | 1 Google | 1 Chrome | 2024-08-03 | 8.8 High |
| Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2021-21739 | 1 Zte | 2 Zxctn 6120h, Zxctn 6120h Firmware | 2024-08-03 | 4.6 Medium |
| A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24> | ||||
| CVE-2021-21320 | 1 Matrix-react-sdk Project | 1 Matrix-react-sdk | 2024-08-03 | 2.6 Low |
| matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. | ||||
| CVE-2021-20271 | 4 Fedoraproject, Redhat, Rpm and 1 more | 9 Fedora, Enterprise Linux, Rhel Aus and 6 more | 2024-08-03 | 7.0 High |
| A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | ||||