CVE List - 2021 / July
Showing 1 - 100 of 1581 CVEs for July 2021 (Page 1 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36196 | 2021-07-01 | Stored XSS Vulnerability in QuLog Center |
| CVE-2021-28802 | 2021-07-01 | Command Injection Vulnerabilities in QTS and QuTS hero |
| CVE-2021-28803 | 2021-07-01 | Stored XSS Vulnerability in Q'center |
| CVE-2021-28804 | 2021-07-01 | Command Injection Vulnerabilities in QTS and QuTS hero |
| CVE-2021-36080 | 2021-07-01 | GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). |
| CVE-2021-36081 | 2021-07-01 | Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. |
| CVE-2021-36082 | 2021-07-01 | ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. |
| CVE-2021-36083 | 2021-07-01 | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. |
| CVE-2021-36084 | 2021-07-01 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). |
| CVE-2021-36085 | 2021-07-01 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). |
| CVE-2021-36086 | 2021-07-01 | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). |
| CVE-2021-36087 | 2021-07-01 | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements... |
| CVE-2021-36088 | 2021-07-01 | Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). |
| CVE-2021-36089 | 2021-07-01 | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). |
| CVE-2020-36400 | 2021-07-01 | ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. |
| CVE-2020-36401 | 2021-07-01 | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). |
| CVE-2020-36402 | 2021-07-01 | Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. |
| CVE-2020-36403 | 2021-07-01 | HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). |
| CVE-2020-36404 | 2021-07-01 | Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. |
| CVE-2020-36405 | 2021-07-01 | Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. |
| CVE-2020-36406 | 2021-07-01 | uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue... |
| CVE-2020-36407 | 2021-07-01 | libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. |
| CVE-2019-25048 | 2021-07-01 | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). |
| CVE-2019-25049 | 2021-07-01 | LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). |
| CVE-2018-25017 | 2021-07-01 | RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. |
| CVE-2018-25018 | 2021-07-01 | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. |
| CVE-2017-20006 | 2021-07-01 | UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). |
| CVE-2021-20752 | 2021-07-01 | Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20778 | 2021-07-01 | Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. |
| CVE-2021-22347 | 2021-07-01 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. |
| CVE-2021-22344 | 2021-07-01 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. |
| CVE-2021-22343 | 2021-07-01 | There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. |
| CVE-2020-9158 | 2021-07-01 | There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. |
| CVE-2021-31813 | 2021-07-01 | Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. |
| CVE-2021-27477 | 2021-07-01 | When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E,... |
| CVE-2021-35336 | 2021-07-01 | Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive... |
| CVE-2021-35337 | 2021-07-01 | Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the... |
| CVE-2021-27660 | 2021-07-01 | C-CURE 9000 |
| CVE-2021-27661 | 2021-07-01 | Facility Explorer |
| CVE-2021-28127 | 2021-07-01 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. |
| CVE-2021-28423 | 2021-07-01 | Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or... |
| CVE-2021-28424 | 2021-07-01 | A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. |
| CVE-2020-4902 | 2021-07-01 | IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add,... |
| CVE-2020-4935 | 2021-07-01 | IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2020-27361 | 2021-07-01 | An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. |
| CVE-2020-27362 | 2021-07-01 | An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. |
| CVE-2021-32729 | 2021-07-01 | A user without PR can reset user authentication failures information |
| CVE-2021-32730 | 2021-07-01 | No CSRF protection on the password change form |
| CVE-2021-32731 | 2021-07-01 | The reset password form reveals users' email addresses |
| CVE-2020-23205 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name"... |
| CVE-2020-23207 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under... |
| CVE-2020-23208 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under... |
| CVE-2020-23209 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under... |
| CVE-2020-23214 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under... |
| CVE-2020-23217 | 2021-07-01 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field... |
| CVE-2020-23219 | 2021-07-01 | Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. |
| CVE-2021-26920 | 2021-07-02 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended |
| CVE-2021-35042 | 2021-07-02 | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. |
| CVE-2021-35029 | 2021-07-02 | An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01,... |
| CVE-2021-27455 | 2021-07-02 | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. |
| CVE-2021-27412 | 2021-07-02 | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. |
| CVE-2021-35197 | 2021-07-02 | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is... |
| CVE-2021-3606 | 2021-07-02 | OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code... |
| CVE-2021-3613 | 2021-07-02 | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with... |
| CVE-2021-36132 | 2021-07-02 | An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing... |
| CVE-2021-36131 | 2021-07-02 | An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields.... |
| CVE-2021-36130 | 2021-07-02 | An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and... |
| CVE-2021-36129 | 2021-07-02 | An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing... |
| CVE-2021-36128 | 2021-07-02 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. |
| CVE-2021-36127 | 2021-07-02 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other... |
| CVE-2021-36126 | 2021-07-02 | An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English... |
| CVE-2021-36125 | 2021-07-02 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username... |
| CVE-2021-27950 | 2021-07-02 | A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default,... |
| CVE-2021-32735 | 2021-07-02 | Cross-site scripting (XSS) from field and configuration text displayed in the Panel |
| CVE-2021-32639 | 2021-07-02 | Server-Side Request Forgery (SSRF) in emissary:emissary |
| CVE-2021-23402 | 2021-07-02 | Prototype Pollution |
| CVE-2021-23403 | 2021-07-02 | Prototype Pollution |
| CVE-2021-31874 | 2021-07-02 | Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. |
| CVE-2020-23178 | 2021-07-02 | An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the... |
| CVE-2020-23179 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site... |
| CVE-2020-23181 | 2021-07-02 | A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage... |
| CVE-2020-23182 | 2021-07-02 | The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. |
| CVE-2020-23184 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration"... |
| CVE-2020-23185 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2020-23190 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2020-23192 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter... |
| CVE-2020-23194 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2020-36395 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into... |
| CVE-2020-36396 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into... |
| CVE-2020-36397 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into... |
| CVE-2020-36398 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under... |
| CVE-2020-36399 | 2021-07-02 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under... |
| CVE-2020-36408 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut"... |
| CVE-2020-36409 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category"... |
| CVE-2020-36410 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address... |
| CVE-2020-36411 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for... |
| CVE-2020-36412 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text"... |
| CVE-2020-36413 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these... |
| CVE-2020-36414 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)"... |
| CVE-2020-36415 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a... |