CVE List - 2021 / July
Showing 1501 - 1581 of 1581 CVEs for July 2021 (Page 16 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-37595 | 2021-07-27 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. |
| CVE-2021-37594 | 2021-07-27 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. |
| CVE-2021-37596 | 2021-07-27 | Telegram Web K Alpha 0.6.1 allows XSS via a document name. |
| CVE-2021-37600 | 2021-07-28 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large... |
| CVE-2020-26180 | 2021-07-28 | Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user... |
| CVE-2020-5341 | 2021-07-28 | Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4... |
| CVE-2020-5351 | 2021-07-28 | Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with... |
| CVE-2021-20783 | 2021-07-28 | Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page. |
| CVE-2021-20785 | 2021-07-28 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from... |
| CVE-2021-20786 | 2021-07-28 | Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession... |
| CVE-2021-20787 | 2021-07-28 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from... |
| CVE-2021-20788 | 2021-07-28 | Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession... |
| CVE-2021-20789 | 2021-07-28 | Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from... |
| CVE-2021-36983 | 2021-07-28 | replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. |
| CVE-2021-23414 | 2021-07-28 | Cross-site Scripting (XSS) |
| CVE-2021-32001 | 2021-07-28 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token |
| CVE-2021-32000 | 2021-07-28 | clone-master-clean-up: dangerous file system operations |
| CVE-2020-10590 | 2021-07-28 | Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800)... |
| CVE-2020-4974 | 2021-07-28 | IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration... |
| CVE-2020-5004 | 2021-07-28 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-37601 | 2021-07-28 | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations. |
| CVE-2021-34165 | 2021-07-28 | A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| CVE-2021-34166 | 2021-07-28 | A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| CVE-2021-25200 | 2021-07-28 | Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. |
| CVE-2021-23417 | 2021-07-28 | Prototype Pollution |
| CVE-2021-23416 | 2021-07-28 | Cross-site Scripting (XSS) |
| CVE-2021-23415 | 2021-07-28 | Directory Traversal |
| CVE-2020-21854 | 2021-07-28 | Cross Site Scripting vulnerability exists in WDScanner 1.1 in the system management page. |
| CVE-2021-37606 | 2021-07-28 | Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as... |
| CVE-2020-15948 | 2021-07-28 | eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. |
| CVE-2021-31799 | 2021-07-29 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. |
| CVE-2021-37578 | 2021-07-29 | Remote code execution via RMI |
| CVE-2020-36239 | 2021-07-29 | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center... |
| CVE-2021-30124 | 2021-07-29 | The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder. |
| CVE-2021-20505 | 2021-07-29 | The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network... |
| CVE-2021-36386 | 2021-07-29 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified... |
| CVE-2020-22761 | 2021-07-29 | Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. |
| CVE-2020-22765 | 2021-07-29 | Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. |
| CVE-2020-21808 | 2021-07-29 | SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php. |
| CVE-2020-21809 | 2021-07-29 | SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. |
| CVE-2020-5329 | 2021-07-29 | Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users... |
| CVE-2020-5353 | 2021-07-29 | The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An... |
| CVE-2021-21538 | 2021-07-29 | Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the... |
| CVE-2021-21546 | 2021-07-29 | Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this... |
| CVE-2020-18157 | 2021-07-29 | Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. |
| CVE-2020-18158 | 2021-07-29 | Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. |
| CVE-2020-18175 | 2021-07-29 | SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. |
| CVE-2021-36621 | 2021-07-29 | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker... |
| CVE-2021-36624 | 2021-07-29 | Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. |
| CVE-2021-37144 | 2021-07-29 | CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected... |
| CVE-2021-23418 | 2021-07-29 | XML External Entity (XXE) Injection |
| CVE-2021-20111 | 2021-07-29 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with... |
| CVE-2021-20112 | 2021-07-29 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with... |
| CVE-2021-20113 | 2021-07-29 | An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then... |
| CVE-2021-20114 | 2021-07-29 | When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. |
| CVE-2021-25273 | 2021-07-29 | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. |
| CVE-2021-36741 | 2021-07-29 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary... |
| CVE-2021-36742 | 2021-07-29 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges... |
| CVE-2021-37742 | 2021-07-30 | app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. |
| CVE-2021-37743 | 2021-07-30 | app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. |
| CVE-2020-26563 | 2021-07-30 | ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.) |
| CVE-2021-29736 | 2021-07-30 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. |
| CVE-2021-29781 | 2021-07-30 | IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could... |
| CVE-2021-37746 | 2021-07-30 | textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. |
| CVE-2021-29297 | 2021-07-30 | Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack... |
| CVE-2021-29298 | 2021-07-30 | Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM)... |
| CVE-2021-35193 | 2021-07-30 | Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL... |
| CVE-2021-3636 | 2021-07-30 | It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods,... |
| CVE-2021-22521 | 2021-07-30 | A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized... |
| CVE-2021-34629 | 2021-07-30 | SendGrid <= 1.11.8 – Authorization Bypass |
| CVE-2021-34630 | 2021-07-30 | Reflected XSS in GTranslate Pro and GTranslate Enterprise < 2.8.65 |
| CVE-2021-27491 | 2021-07-30 | Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud discloses password hashes during the registration process. |
| CVE-2021-27495 | 2021-07-30 | Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud reflects the user password during the login process after... |
| CVE-2021-32807 | 2021-07-30 | Remote Code Execution via unsafe classes in otherwise permitted modules |
| CVE-2020-26806 | 2021-07-31 | admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid... |
| CVE-2020-26564 | 2021-07-31 | ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link... |
| CVE-2020-26565 | 2021-07-31 | ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. |
| CVE-2021-33617 | 2021-07-31 | Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. |
| CVE-2021-37760 | 2021-07-31 | A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2021-37759 | 2021-07-31 | A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2021-32066 | 2021-08-01 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which... |
| CVE-2021-24444 | 2021-08-02 | TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-33196 | 2021-08-02 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. |
| CVE-2017-18113 | 2021-08-02 | The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary... |
| CVE-2021-35477 | 2021-08-02 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation... |
| CVE-2021-34556 | 2021-08-02 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the... |
| CVE-2021-3351 | 2021-08-02 | OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. |
| CVE-2021-33526 | 2021-08-02 | Privilege escalation in mbDIALUP <= 3.9R0.0 |
| CVE-2021-33527 | 2021-08-02 | OS Command Injection in mbDIALUP <= 3.9R0.0 |
| CVE-2021-34574 | 2021-08-02 | Password policy evasion in products of MB connect line and Helmholz |
| CVE-2021-34575 | 2021-08-02 | Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0 |
| CVE-2021-24371 | 2021-08-02 | RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF |
| CVE-2021-24425 | 2021-08-02 | myStickymenu < 2.5.2 - Authenticated Stored XSS |
| CVE-2021-24428 | 2021-08-02 | RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS |
| CVE-2021-24430 | 2021-08-02 | Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE |
| CVE-2021-24443 | 2021-08-02 | Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography |
| CVE-2021-24448 | 2021-08-02 | Profile Builder < 3.4.8 - Authenticated Stored XSS |
| CVE-2021-24450 | 2021-08-02 | ProfilePress < 3.1.8 - Authenticated Stored XSS |
| CVE-2021-24455 | 2021-08-02 | Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24456 | 2021-08-02 | Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections |