CVE List - 2021 / July
Showing 401 - 500 of 1581 CVEs for July 2021 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27293 | 2021-07-12 | RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable... |
| CVE-2021-35037 | 2021-07-12 | Jamf Pro before 10.30.1 allows for an unvalidated URL redirect... |
| CVE-2021-35064 | 2021-07-12 | KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration... |
| CVE-2021-30129 | 2021-07-12 | DoS/OOM leak vulnerability in Apache Mina SSHD Server |
| CVE-2021-36377 | 2021-07-12 | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the... |
| CVE-2021-32678 | 2021-07-12 | Ratelimit not applied on OCS API responses |
| CVE-2020-21131 | 2021-07-12 | SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. |
| CVE-2020-21132 | 2021-07-12 | SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. |
| CVE-2020-21133 | 2021-07-12 | SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. |
| CVE-2021-26089 | 2021-07-12 | An improper symlink following in FortiClient for Mac 6.4.3 and... |
| CVE-2021-32679 | 2021-07-12 | Filenames not escaped by default in controllers using DownloadResponse |
| CVE-2021-26090 | 2021-07-12 | A missing release of memory after its effective lifetime vulnerability... |
| CVE-2021-36382 | 2021-07-12 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers... |
| CVE-2021-36383 | 2021-07-12 | Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0)... |
| CVE-2021-26088 | 2021-07-12 | An improper authentication vulnerability in FSSO Collector version 5.0.295 and... |
| CVE-2021-32680 | 2021-07-12 | Audit log is not properly logging unsetting of share expiration date |
| CVE-2021-24015 | 2021-07-12 | An improper neutralization of special elements used in an OS... |
| CVE-2021-24013 | 2021-07-12 | Multiple Path traversal vulnerabilities in the Webmail of FortiMail before... |
| CVE-2020-7872 | 2021-07-12 | DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability,... |
| CVE-2021-32688 | 2021-07-12 | Application specific tokens can change their own scope |
| CVE-2020-18979 | 2021-07-12 | Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the... |
| CVE-2021-33807 | 2021-07-12 | Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and... |
| CVE-2021-30639 | 2021-07-12 | DoS after non-blocking IO error |
| CVE-2021-30640 | 2021-07-12 | Auth weakness in JNDIRealm |
| CVE-2021-33037 | 2021-07-12 | Incorrect Transfer-Encoding handling with HTTP/1.0 |
| CVE-2020-18980 | 2021-07-12 | Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr... |
| CVE-2021-23390 | 2021-07-12 | Arbitrary Code Execution |
| CVE-2021-23389 | 2021-07-12 | Arbitrary Code Execution |
| CVE-2020-19204 | 2021-07-12 | An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning... |
| CVE-2021-32703 | 2021-07-12 | Lack of ratelimit on shareinfo endpoint |
| CVE-2021-32705 | 2021-07-12 | Lack of ratelimit on public DAV endpoint |
| CVE-2020-19203 | 2021-07-12 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php,... |
| CVE-2021-21588 | 2021-07-12 | Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability... |
| CVE-2021-21589 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to... |
| CVE-2021-21590 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to... |
| CVE-2021-21591 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to... |
| CVE-2021-36381 | 2021-07-12 | In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can... |
| CVE-2020-19201 | 2021-07-12 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php,... |
| CVE-2020-4938 | 2021-07-12 | IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site... |
| CVE-2021-20414 | 2021-07-12 | IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user... |
| CVE-2021-29792 | 2021-07-12 | IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow... |
| CVE-2021-29794 | 2021-07-12 | IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH... |
| CVE-2021-29803 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.... |
| CVE-2021-29804 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.... |
| CVE-2021-29805 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting.... |
| CVE-2021-29822 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This... |
| CVE-2020-18982 | 2021-07-12 | Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. |
| CVE-2020-23079 | 2021-07-12 | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration,... |
| CVE-2020-19037 | 2021-07-12 | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a... |
| CVE-2020-19038 | 2021-07-12 | File Deletion vulnerability in Halo 0.4.3 via delBackup. |
| CVE-2021-32689 | 2021-07-12 | Nextcloud Talk not properly disassociating users from chats after account deletion |
| CVE-2021-32707 | 2021-07-12 | Bypass of image blocking in Nextcloud Mail |
| CVE-2020-19907 | 2021-07-12 | A command injection vulnerability in the sandcat plugin of Caldera... |
| CVE-2021-24365 | 2021-07-12 | Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field |
| CVE-2021-24385 | 2021-07-12 | Filebird 4.7.3 - Unauthenticated SQL Injection |
| CVE-2021-24408 | 2021-07-12 | Prismatic < 2.8 - Contributor+ Stored XSS |
| CVE-2021-24409 | 2021-07-12 | Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24418 | 2021-07-12 | Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning |
| CVE-2021-24419 | 2021-07-12 | WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS |
| CVE-2021-24420 | 2021-07-12 | Request a Quote < 2.3.4 - Authenticated Stored XSS |
| CVE-2021-24421 | 2021-07-12 | WP JobSearch < 1.7.4 - Authenticated Stored XSS |
| CVE-2021-24424 | 2021-07-12 | WP Reset < 1.90 - Authenticated Stored XSS |
| CVE-2021-24426 | 2021-07-12 | Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24427 | 2021-07-12 | W3 Total Cache < 2.1.3 - Authenticated Stored XSS |
| CVE-2021-24429 | 2021-07-12 | Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24434 | 2021-07-12 | Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24439 | 2021-07-12 | Browser Screenshots < 1.7.6 - Contributor+ Stored XSS |
| CVE-2021-24440 | 2021-07-12 | Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24441 | 2021-07-12 | Sign-up Sheets < 1.0.14 - Authenticated CSV Injection |
| CVE-2021-24442 | 2021-07-12 | Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection |
| CVE-2021-24454 | 2021-07-12 | YOP Poll < 6.2.8 - Stored Cross-Site Scripting |
| CVE-2021-32725 | 2021-07-12 | Default share permissions not respected for federated reshares |
| CVE-2020-18544 | 2021-07-12 | SQL Injection in WMS v1.0 allows remote attackers to execute... |
| CVE-2021-32726 | 2021-07-12 | Webauthn tokens not removed after user has been deleted |
| CVE-2021-32727 | 2021-07-12 | End-to-end encryption device setup did not verify public key |
| CVE-2021-32733 | 2021-07-12 | XSS in Nextcloud Text application |
| CVE-2021-32734 | 2021-07-12 | File path disclosure of shared files in Nextcloud Text application |
| CVE-2021-32741 | 2021-07-12 | Lack of ratelimit on public share link mount endpoint |
| CVE-2021-32746 | 2021-07-12 | Possible path traversal by use of the `doc` module |
| CVE-2021-32747 | 2021-07-12 | Custom variable protection and blacklists can be circumvented |
| CVE-2021-32754 | 2021-07-12 | Improper Restriction of XML External Entity Reference in de.tud.sse |
| CVE-2020-19716 | 2021-07-13 | A buffer overflow vulnerability in the Databuf function in types.cpp... |
| CVE-2021-1940 | 2021-07-13 | Use after free can occur due to improper handling of... |
| CVE-2021-31810 | 2021-07-13 | An issue was discovered in Ruby through 2.6.7, 2.7.x through... |
| CVE-2021-34552 | 2021-07-13 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through... |
| CVE-2020-11307 | 2021-07-13 | Buffer overflow in modem due to improper array index check... |
| CVE-2021-1886 | 2021-07-13 | Incorrect handling of pointers in trusted application key import mechanism... |
| CVE-2021-1887 | 2021-07-13 | An assertion can be reached in the WLAN subsystem while... |
| CVE-2021-1888 | 2021-07-13 | Memory corruption in key parsing and import function due to... |
| CVE-2021-1889 | 2021-07-13 | Possible buffer overflow due to lack of length check in... |
| CVE-2021-1890 | 2021-07-13 | Improper length check of public exponent in RSA import key... |
| CVE-2021-1896 | 2021-07-13 | Weak configuration in WLAN could cause forwarding of unencrypted packets... |
| CVE-2021-1897 | 2021-07-13 | Possible Buffer Over-read due to lack of validation of boundary... |
| CVE-2021-1898 | 2021-07-13 | Possible buffer over-read due to incorrect overflow check when loading... |
| CVE-2021-1899 | 2021-07-13 | Possible buffer over read due to lack of length check... |
| CVE-2021-1901 | 2021-07-13 | Possible buffer over-read due to lack of length check while... |
| CVE-2021-1907 | 2021-07-13 | Possible buffer overflow due to lack of length check in... |
| CVE-2021-1931 | 2021-07-13 | Possible buffer overflow due to improper validation of buffer length... |
| CVE-2021-1938 | 2021-07-13 | Possible assertion due to improper verification while creating and deleting... |
| CVE-2021-1943 | 2021-07-13 | Possible buffer out of bound read can occur due to... |