CVE-2021-33011 - All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between aff... read CVE-2021-33011
Published: September 10, 2021; 8:15:07 AM -0400

V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW

CVE-2021-3645 - merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Published: September 10, 2021; 7:15:09 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-34344 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSB... read CVE-2021-34344
Published: September 10, 2021; 12:15:18 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-1855 - A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon.
Published: September 08, 2021; 11:15:11 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM

CVE-2020-21126 - MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
Published: September 15, 2021; 1:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2020-21127 - MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
Published: September 15, 2021; 1:15:09 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-37412 - The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
Published: September 15, 2021; 1:15:10 PM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-32139 - The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Published: September 13, 2021; 4:15:08 PM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-32138 - The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Published: September 13, 2021; 4:15:08 PM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-37535 - SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
Published: September 14, 2021; 8:15:10 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-38150 - When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials.... read CVE-2021-38150
Published: September 14, 2021; 8:15:10 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-34343 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following... read CVE-2021-34343
Published: September 10, 2021; 12:15:18 AM -0400

V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM

CVE-2021-37532 - SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.
Published: September 14, 2021; 8:15:10 AM -0400

V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM

CVE-2021-33686 - Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.
Published: September 14, 2021; 8:15:09 AM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

CVE-2021-3780 - peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published: September 15, 2021; 8:15:16 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-33688 - SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.
Published: September 14, 2021; 8:15:09 AM -0400

V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM

CVE-2021-3783 - yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published: September 15, 2021; 8:15:16 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-39125 - Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from v... read CVE-2021-39125
Published: September 14, 2021; 3:15:07 AM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

CVE-2021-3785 - yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published: September 15, 2021; 8:15:16 AM -0400

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2020-20672 - An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
Published: September 13, 2021; 6:15:10 PM -0400

V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM