CVE List - 2021 / July
Showing 901 - 1000 of 1581 CVEs for July 2021 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34440 | 2021-07-16 | GDI+ Information Disclosure Vulnerability |
| CVE-2021-34441 | 2021-07-16 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2021-34442 | 2021-07-16 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2021-34444 | 2021-07-16 | Windows DNS Server Denial of Service Vulnerability |
| CVE-2021-34445 | 2021-07-16 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2021-34446 | 2021-07-16 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| CVE-2021-34447 | 2021-07-16 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-34448 | 2021-07-16 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-34449 | 2021-07-16 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-34450 | 2021-07-16 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2021-34451 | 2021-07-16 | Microsoft Office Online Server Spoofing Vulnerability |
| CVE-2021-34452 | 2021-07-16 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-34454 | 2021-07-16 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2021-34455 | 2021-07-16 | Windows File History Service Elevation of Privilege Vulnerability |
| CVE-2021-34456 | 2021-07-16 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2021-34457 | 2021-07-16 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2021-34458 | 2021-07-16 | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2021-34459 | 2021-07-16 | Windows AppContainer Elevation Of Privilege Vulnerability |
| CVE-2021-34460 | 2021-07-16 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| CVE-2021-34461 | 2021-07-16 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-34462 | 2021-07-16 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| CVE-2021-34464 | 2021-07-16 | Microsoft Defender Remote Code Execution Vulnerability |
| CVE-2021-34466 | 2021-07-16 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2021-34467 | 2021-07-16 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-34481 | 2021-07-16 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-3452 | 2021-07-16 | A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2021-3453 | 2021-07-16 | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the... |
| CVE-2021-3550 | 2021-07-16 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. |
| CVE-2021-3614 | 2021-07-16 | A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo... |
| CVE-2019-3752 | 2021-07-16 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an XML External... |
| CVE-2021-36769 | 2021-07-16 | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in... |
| CVE-2021-32574 | 2021-07-17 | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1. |
| CVE-2021-36213 | 2021-07-17 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4... |
| CVE-2021-36772 | 2021-07-17 | Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. |
| CVE-2021-36771 | 2021-07-17 | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. |
| CVE-2021-33911 | 2021-07-17 | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. |
| CVE-2021-36773 | 2021-07-18 | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded... |
| CVE-2020-36421 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. |
| CVE-2020-36422 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable. |
| CVE-2020-36423 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware... |
| CVE-2020-36424 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base... |
| CVE-2020-36425 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an... |
| CVE-2020-36426 | 2021-07-19 | An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). |
| CVE-2021-32760 | 2021-07-19 | Archive package allows chmod of file outside of unpack target directory |
| CVE-2021-33592 | 2021-07-19 | NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check... |
| CVE-2021-24436 | 2021-07-19 | W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context) |
| CVE-2021-24447 | 2021-07-19 | WP Image Zoom < 1.47 - Local File Inclusion |
| CVE-2021-24452 | 2021-07-19 | W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context) |
| CVE-2021-24453 | 2021-07-19 | Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning |
| CVE-2021-24482 | 2021-07-19 | Related Posts for WordPress <= 2.0.4 - Authenticated Stored XSS & XFS |
| CVE-2021-33501 | 2021-07-19 | Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. |
| CVE-2021-33027 | 2021-07-19 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. |
| CVE-2021-35963 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - Unrestricted Upload of File with Dangerous Type |
| CVE-2021-35964 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - Broken Authentication |
| CVE-2021-35965 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - Hard-code password |
| CVE-2021-35966 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2021-35967 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - Path Traversal-1 |
| CVE-2021-35968 | 2021-07-19 | Learningdigital.com, Inc. Orca HCM - Path Traversal-2 |
| CVE-2021-3279 | 2021-07-19 | sz.chat version 4 allows injection of web scripts and HTML in the message box. |
| CVE-2021-31216 | 2021-07-19 | Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate... |
| CVE-2021-32012 | 2021-07-19 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1... |
| CVE-2021-32013 | 2021-07-19 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2... |
| CVE-2021-32014 | 2021-07-19 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. |
| CVE-2021-34817 | 2021-07-19 | A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. |
| CVE-2021-35449 | 2021-07-19 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege... |
| CVE-2021-20109 | 2021-07-19 | Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This... |
| CVE-2021-20108 | 2021-07-19 | Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user... |
| CVE-2021-20110 | 2021-07-19 | Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP... |
| CVE-2021-35043 | 2021-07-19 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the... |
| CVE-2020-36427 | 2021-07-19 | GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. |
| CVE-2020-5031 | 2021-07-19 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20507 | 2021-07-19 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-29707 | 2021-07-19 | IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. |
| CVE-2021-29780 | 2021-07-19 | IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force... |
| CVE-2020-20230 | 2021-07-19 | Mikrotik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems... |
| CVE-2021-36797 | 2021-07-19 | In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about... |
| CVE-2021-36799 | 2021-07-19 | KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that... |
| CVE-2021-34676 | 2021-07-19 | Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. |
| CVE-2021-34675 | 2021-07-19 | Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. |
| CVE-2020-22650 | 2021-07-19 | A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm... |
| CVE-2021-34820 | 2021-07-19 | Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an... |
| CVE-2021-34821 | 2021-07-19 | Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to... |
| CVE-2020-20249 | 2021-07-19 | Mikrotik RouterOS before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. |
| CVE-2020-20248 | 2021-07-19 | Mikrotik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems... |
| CVE-2020-22741 | 2021-07-19 | An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. |
| CVE-2021-34617 | 2021-07-19 | A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below;... |
| CVE-2021-34618 | 2021-07-19 | A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and... |
| CVE-2021-31590 | 2021-07-19 | PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user... |
| CVE-2021-3135 | 2021-07-19 | An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. |
| CVE-2020-29499 | 2021-07-19 | Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the... |
| CVE-2020-29503 | 2021-07-19 | Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. |
| CVE-2020-5315 | 2021-07-19 | Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in plain text in a local database. A local authenticated... |
| CVE-2020-5320 | 2021-07-19 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges... |
| CVE-2020-5321 | 2021-07-19 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high... |
| CVE-2020-5322 | 2021-07-19 | Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary... |
| CVE-2020-5323 | 2021-07-19 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could... |
| CVE-2020-5349 | 2021-07-19 | Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative... |
| CVE-2021-32773 | 2021-07-19 | Confused deputy attack in sandbox module resolution |
| CVE-2021-22235 | 2021-07-20 | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file |
| CVE-2021-2369 | 2021-07-20 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM... |