CVE List - 2021 / July
Showing 201 - 300 of 1581 CVEs for July 2021 (Page 3 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-26274 | 2021-07-07 | The Agent in NinjaRMM 5.0.909 has Insecure Permissions. |
| CVE-2021-28931 | 2021-07-07 | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. |
| CVE-2021-31925 | 2021-07-07 | Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. |
| CVE-2021-33215 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. |
| CVE-2021-33216 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. |
| CVE-2021-33217 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary... |
| CVE-2021-32506 | 2021-07-07 | QSAN Storage Manager - Absolute Path Traversal via GetImage function |
| CVE-2021-32507 | 2021-07-07 | QSAN Storage Manager - Absolute Path Traversal via FileDownload function |
| CVE-2021-32508 | 2021-07-07 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function |
| CVE-2021-32509 | 2021-07-07 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function |
| CVE-2021-32510 | 2021-07-07 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function |
| CVE-2021-32511 | 2021-07-07 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function |
| CVE-2021-32512 | 2021-07-07 | QSAN Storage Manager - Command Injection Following via QuickInstall function |
| CVE-2021-32513 | 2021-07-07 | QSAN Storage Manager - Command Injection Following via QsanTorture function |
| CVE-2021-32514 | 2021-07-07 | QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function |
| CVE-2021-32515 | 2021-07-07 | QSAN Storage Manager - Exposure of Information Through Directory Listing |
| CVE-2021-33218 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. |
| CVE-2021-32516 | 2021-07-07 | QSAN Storage Manager - Path Traversal |
| CVE-2021-32517 | 2021-07-07 | QSAN Storage Manager - Improper Access Control |
| CVE-2021-32518 | 2021-07-07 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following |
| CVE-2021-32519 | 2021-07-07 | QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort |
| CVE-2021-32520 | 2021-07-07 | QSAN Storage Manager - Use of Hard-coded Cryptographic Key |
| CVE-2021-32521 | 2021-07-07 | QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password |
| CVE-2021-32522 | 2021-07-07 | QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts |
| CVE-2021-32523 | 2021-07-07 | QSAN Storage Manager - Improper Authorization |
| CVE-2021-32524 | 2021-07-07 | QSAN Storage Manager - Command Injection-3 |
| CVE-2021-32525 | 2021-07-07 | QSAN Storage Manager - Use of Hard-coded Password-2 |
| CVE-2021-32526 | 2021-07-07 | QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource |
| CVE-2021-32527 | 2021-07-07 | QSAN Storage Manager - Path Traversal-2 |
| CVE-2021-32528 | 2021-07-07 | QSAN Storage Manager - Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2021-32529 | 2021-07-07 | QSAN XEVO, SANOS - Command Injection -1 |
| CVE-2021-32530 | 2021-07-07 | QSAN XEVO - Command Injection Following via Array function |
| CVE-2021-32531 | 2021-07-07 | QSAN XEVO - Command Injection Following via Init function |
| CVE-2021-32532 | 2021-07-07 | QSAN XEVO - Path Traversal |
| CVE-2021-32533 | 2021-07-07 | QSAN SANOS - Command Injection |
| CVE-2021-32534 | 2021-07-07 | QSAN SANOS - Command Injection |
| CVE-2021-32535 | 2021-07-07 | QSAN SANOS - Use of Hard-coded Credentials |
| CVE-2021-32537 | 2021-07-07 | Realtek High definition audio Windows driver crashed |
| CVE-2021-32538 | 2021-07-07 | ARTWARE CMS - Unrestricted Upload of File |
| CVE-2021-33219 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. |
| CVE-2021-33220 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. |
| CVE-2021-33221 | 2021-07-07 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. |
| CVE-2021-20378 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:... |
| CVE-2021-20379 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. |
| CVE-2021-20415 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. |
| CVE-2021-20416 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could... |
| CVE-2021-20417 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2021-20474 | 2021-07-07 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CVE-2021-29759 | 2021-07-07 | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. |
| CVE-2021-21787 | 2021-07-07 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer... |
| CVE-2021-21788 | 2021-07-07 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer... |
| CVE-2021-21789 | 2021-07-07 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer... |
| CVE-2021-21786 | 2021-07-07 | A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker... |
| CVE-2020-23700 | 2021-07-07 | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. |
| CVE-2020-23702 | 2021-07-07 | Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php. |
| CVE-2021-32714 | 2021-07-07 | Integer Overflow in Chunked Transfer-Encoding |
| CVE-2021-32715 | 2021-07-07 | Lenient Parsing of Content-Length Header When Prefixed with Plus Sign |
| CVE-2021-21775 | 2021-07-07 | A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak... |
| CVE-2021-21807 | 2021-07-07 | An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide... |
| CVE-2021-34430 | 2021-07-08 | Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. |
| CVE-2021-28809 | 2021-07-08 | Missing Authentication for Critical Function in RTRR Server in HBS3 |
| CVE-2021-31816 | 2021-07-08 | When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. |
| CVE-2021-31817 | 2021-07-08 | When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. |
| CVE-2021-32461 | 2021-07-08 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and... |
| CVE-2021-32462 | 2021-07-08 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry... |
| CVE-2021-21821 | 2021-07-08 | A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a... |
| CVE-2021-21806 | 2021-07-08 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs... |
| CVE-2021-21793 | 2021-07-08 | An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker... |
| CVE-2021-21794 | 2021-07-08 | An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a... |
| CVE-2021-21779 | 2021-07-08 | A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory... |
| CVE-2020-28598 | 2021-07-08 | An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An... |
| CVE-2020-20217 | 2021-07-08 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading... |
| CVE-2021-34110 | 2021-07-08 | WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges. |
| CVE-2021-25426 | 2021-07-08 | Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. |
| CVE-2021-25427 | 2021-07-08 | SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information |
| CVE-2021-25428 | 2021-07-08 | Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. |
| CVE-2021-25429 | 2021-07-08 | Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
| CVE-2021-25430 | 2021-07-08 | Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
| CVE-2021-25431 | 2021-07-08 | Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. |
| CVE-2021-25432 | 2021-07-08 | Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. |
| CVE-2021-25433 | 2021-07-08 | Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal. |
| CVE-2021-25434 | 2021-07-08 | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. |
| CVE-2021-25435 | 2021-07-08 | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. |
| CVE-2021-25436 | 2021-07-08 | Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. |
| CVE-2021-25437 | 2021-07-08 | Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file. |
| CVE-2021-25438 | 2021-07-08 | Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file... |
| CVE-2021-25439 | 2021-07-08 | Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage... |
| CVE-2021-25440 | 2021-07-08 | Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. |
| CVE-2021-25441 | 2021-07-08 | Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. |
| CVE-2021-25442 | 2021-07-08 | Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. |
| CVE-2021-29150 | 2021-07-08 | A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this... |
| CVE-2021-29151 | 2021-07-08 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this... |
| CVE-2021-29152 | 2021-07-08 | A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that... |
| CVE-2021-34611 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2021-34610 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2020-20582 | 2021-07-08 | A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. |
| CVE-2020-20583 | 2021-07-08 | A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. |
| CVE-2020-20584 | 2021-07-08 | A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/. |
| CVE-2020-20585 | 2021-07-08 | A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. |
| CVE-2020-20586 | 2021-07-08 | A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. |