CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-0007 Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of serv... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0008 Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denia... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0012 Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0061 Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2021-0062 Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2021-0083 Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0084 Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RDMA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2021-0160 Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2021-0196 Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via loca... | 7.8 | HIGH | — | 0 |
| CVE-2021-23420 This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializi... | 7.7 | HIGH | — | 0 |
| CVE-2021-32931 An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project f... | 7.8 | HIGH | — | 0 |
| CVE-2021-32939 FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary co... | 7.8 | HIGH | — | 0 |
| CVE-2019-25052 In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-34640 The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitra... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-20418 IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-20420 IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-20427 IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | 7.5 | HIGH | — | 0 |
| CVE-2021-38543 TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38544 Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38545 Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from ... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38546 CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38547 Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. T... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38548 JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indica... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38549 MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an ... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-3045 An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-3046 An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalPro... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-37694 @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI... | 8.7 | HIGH | — | 0 |
| CVE-2021-3047 A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability... | 4.2 | MEDIUM | — | 0 |
| CVE-2021-3048 Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail an... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-3050 An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts:... | 8.8 | HIGH | — | 0 |
| CVE-2020-21976 An arbitrary file upload in the `<input type="file" name="user_image">` component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | 8.8 | HIGH | — | 0 |
| CVE-2021-23421 All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. | 5.6 | MEDIUM | — | 0 |
| CVE-2021-38085 The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the ove... | 7.8 | HIGH | — | 0 |
| CVE-2021-32437 The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-32438 The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-32439 Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | 7.8 | HIGH | — | 0 |
| CVE-2021-32440 The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-33793 Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-33794 Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | 9.1 | CRITICAL | — | 0 |
| CVE-2017-16629 In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an ... | 7.5 | HIGH | — | 0 |
| CVE-2017-16630 In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creat... | 8.8 | HIGH | — | 0 |
| CVE-2017-16631 In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. | 6.5 | MEDIUM | — | 0 |
| CVE-2017-16632 In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | 7.5 | HIGH | — | 0 |
| CVE-2020-21359 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-21362 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-21363 An arbitrary file deletion vulnerability exists within Maccms10. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38570 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. | 9.1 | CRITICAL | — | 0 |
| CVE-2020-25560 In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject m... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25561 SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | 7.8 | HIGH | — | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.