CVE List - 2021 / July
Showing 301 - 400 of 1581 CVEs for July 2021 (Page 4 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-29711 | 2021-07-08 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade... |
| CVE-2020-18741 | 2021-07-08 | Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." |
| CVE-2021-34609 | 2021-07-08 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this... |
| CVE-2021-34614 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2020-20363 | 2021-07-08 | Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. |
| CVE-2021-1575 | 2021-07-08 | Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability |
| CVE-2021-1574 | 2021-07-08 | Cisco Business Process Automation Privilege Escalation Vulnerabilities |
| CVE-2021-1359 | 2021-07-08 | Cisco Web Security Appliance Privilege Escalation Vulnerability |
| CVE-2021-1562 | 2021-07-08 | Cisco BroadWorks Application Server Information Disclosure Vulnerability |
| CVE-2021-1576 | 2021-07-08 | Cisco Business Process Automation Privilege Escalation Vulnerabilities |
| CVE-2021-1585 | 2021-07-08 | Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability |
| CVE-2021-1595 | 2021-07-08 | Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities |
| CVE-2021-1596 | 2021-07-08 | Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities |
| CVE-2021-1597 | 2021-07-08 | Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities |
| CVE-2021-1598 | 2021-07-08 | Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities |
| CVE-2021-1603 | 2021-07-08 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1604 | 2021-07-08 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1605 | 2021-07-08 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1606 | 2021-07-08 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1607 | 2021-07-08 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities |
| CVE-2020-23580 | 2021-07-08 | Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. |
| CVE-2021-34612 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2021-34613 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2021-34615 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2021-34616 | 2021-07-08 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address... |
| CVE-2021-36367 | 2021-07-09 | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present... |
| CVE-2021-30116 | 2021-07-09 | Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6 |
| CVE-2021-32972 | 2021-07-09 | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed... |
| CVE-2021-3570 | 2021-07-09 | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an... |
| CVE-2021-3571 | 2021-07-09 | A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send... |
| CVE-2021-3612 | 2021-07-09 | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a... |
| CVE-2021-3637 | 2021-07-09 | A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. |
| CVE-2012-1102 | 2021-07-09 | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read... |
| CVE-2012-2666 | 2021-07-09 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script. |
| CVE-2021-36154 | 2021-07-09 | HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and... |
| CVE-2021-36155 | 2021-07-09 | LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. |
| CVE-2021-36153 | 2021-07-09 | Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. |
| CVE-2021-23405 | 2021-07-09 | SQL Injection |
| CVE-2021-30117 | 2021-07-09 | Authenticated SQL injection in Kaseya VSA < v9.5.6 |
| CVE-2021-30118 | 2021-07-09 | Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5 |
| CVE-2021-30119 | 2021-07-09 | Authenticated reflective XSS in Kaseya VSA <= v9.5.6 |
| CVE-2021-30120 | 2021-07-09 | 2FA bypass in Kaseya VSA <= v9.5.6 |
| CVE-2021-30121 | 2021-07-09 | (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6 |
| CVE-2021-30201 | 2021-07-09 | Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6 |
| CVE-2021-32742 | 2021-07-09 | Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash |
| CVE-2021-33012 | 2021-07-09 | Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which... |
| CVE-2021-32752 | 2021-07-09 | Files or Directories Accessible to External Parties in ether/logs |
| CVE-2021-27033 | 2021-07-09 | A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required... |
| CVE-2021-27034 | 2021-07-09 | A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute... |
| CVE-2021-27035 | 2021-07-09 | A maliciously crafted TIFF, TIF, PICT, TGA, or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the... |
| CVE-2021-27036 | 2021-07-09 | A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or... |
| CVE-2021-27037 | 2021-07-09 | A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been... |
| CVE-2021-27038 | 2021-07-09 | A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute... |
| CVE-2021-27039 | 2021-07-09 | A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can... |
| CVE-2020-22535 | 2021-07-09 | Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. |
| CVE-2021-3541 | 2021-07-09 | A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. |
| CVE-2020-21333 | 2021-07-09 | Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. |
| CVE-2021-29712 | 2021-07-09 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29730 | 2021-07-09 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete... |
| CVE-2021-33795 | 2021-07-09 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. |
| CVE-2021-33792 | 2021-07-09 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. |
| CVE-2021-33214 | 2021-07-09 | In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of... |
| CVE-2021-24020 | 2021-07-09 | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed... |
| CVE-2021-26100 | 2021-07-09 | A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way... |
| CVE-2020-29014 | 2021-07-09 | A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an... |
| CVE-2021-22129 | 2021-07-09 | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a... |
| CVE-2021-26106 | 2021-07-09 | An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized... |
| CVE-2021-24007 | 2021-07-09 | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. |
| CVE-2021-32753 | 2021-07-09 | Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled. |
| CVE-2021-36371 | 2021-07-09 | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least... |
| CVE-2021-20024 | 2021-07-09 | Multiple Out-of-Bound read vulnerabilities in SonicWall Switch when handling LLDP Protocol allow an attacker to cause system instability or potentially read sensitive information from the memory locations. |
| CVE-2021-35360 | 2021-07-09 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. |
| CVE-2021-35361 | 2021-07-09 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. |
| CVE-2021-35358 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title'... |
| CVE-2020-35987 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered... |
| CVE-2020-35986 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2020-35985 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered... |
| CVE-2020-35984 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered... |
| CVE-2020-25879 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered... |
| CVE-2020-25878 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into... |
| CVE-2020-25877 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2020-25876 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the... |
| CVE-2020-25875 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the... |
| CVE-2020-25394 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. |
| CVE-2020-25392 | 2021-07-09 | A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under... |
| CVE-2020-25391 | 2021-07-09 | A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the... |
| CVE-2021-29107 | 2021-07-10 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. |
| CVE-2021-29106 | 2021-07-10 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. |
| CVE-2021-29105 | 2021-07-11 | There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below. |
| CVE-2021-29103 | 2021-07-11 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. |
| CVE-2021-29102 | 2021-07-11 | There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. |
| CVE-2021-29104 | 2021-07-11 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. |
| CVE-2021-22918 | 2021-07-12 | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether... |
| CVE-2021-26099 | 2021-07-12 | Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by... |
| CVE-2021-22515 | 2021-07-12 | Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server |
| CVE-2021-22921 | 2021-07-12 | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows... |
| CVE-2021-22916 | 2021-07-12 | In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system... |
| CVE-2021-22917 | 2021-07-12 | Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. |
| CVE-2021-3547 | 2021-07-12 | OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the... |
| CVE-2021-27293 | 2021-07-12 | RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string,... |