CVE List - 2021 / July
Showing 601 - 700 of 1581 CVEs for July 2021 (Page 7 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-20366 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-20368 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-20369 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. |
| CVE-2021-20422 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. |
| CVE-2021-20423 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. IBM X-Force ID: 196308. |
| CVE-2021-20424 | 2021-07-13 | IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2020-20252 | 2021-07-13 | Mikrotik RouterOS before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2021-36214 | 2021-07-13 | LINE client for iOS before 10.16.3 allows cross-site scripting with a specific header in WebView. |
| CVE-2021-31217 | 2021-07-13 | In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. |
| CVE-2021-22000 | 2021-07-13 | VMware ThinApp version 5.x prior to 5.2.10 contains a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate... |
| CVE-2021-21994 | 2021-07-13 | SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to... |
| CVE-2021-21995 | 2021-07-13 | OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to... |
| CVE-2021-32755 | 2021-07-13 | Certificate pinning is not enforced on the web socket connection |
| CVE-2020-19717 | 2021-07-13 | An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). |
| CVE-2020-19718 | 2021-07-13 | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). |
| CVE-2020-19719 | 2021-07-13 | A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). |
| CVE-2020-19720 | 2021-07-13 | An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). |
| CVE-2020-19721 | 2021-07-13 | A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). |
| CVE-2020-19722 | 2021-07-13 | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). |
| CVE-2021-24119 | 2021-07-14 | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel... |
| CVE-2021-20747 | 2021-07-14 | Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote... |
| CVE-2021-20748 | 2021-07-14 | Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability,... |
| CVE-2021-20781 | 2021-07-14 | Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of... |
| CVE-2021-20782 | 2021-07-14 | Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2021-20784 | 2021-07-14 | HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that... |
| CVE-2021-36373 | 2021-07-14 | Apache Ant TAR archive denial of service vulnerability |
| CVE-2021-36374 | 2021-07-14 | Apache Ant ZIP, and ZIP based, archive denial of service vulnerability |
| CVE-2021-25953 | 2021-07-14 | Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-22318 | 2021-07-14 | A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service. |
| CVE-2021-33667 | 2021-07-14 | Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a... |
| CVE-2021-33671 | 2021-07-14 | SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The... |
| CVE-2021-33680 | 2021-07-14 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash... |
| CVE-2021-33676 | 2021-07-14 | A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability... |
| CVE-2021-33677 | 2021-07-14 | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. |
| CVE-2021-33681 | 2021-07-14 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application... |
| CVE-2021-33670 | 2021-07-14 | SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types... |
| CVE-2021-33678 | 2021-07-14 | A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F,... |
| CVE-2021-33684 | 2021-07-14 | SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22,... |
| CVE-2021-33689 | 2021-07-14 | When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity... |
| CVE-2021-33683 | 2021-07-14 | SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22,... |
| CVE-2021-33687 | 2021-07-14 | SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction... |
| CVE-2021-33682 | 2021-07-14 | SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a... |
| CVE-2021-35469 | 2021-07-14 | The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. |
| CVE-2021-24116 | 2021-07-14 | In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on... |
| CVE-2021-24117 | 2021-07-14 | In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and... |
| CVE-2021-35527 | 2021-07-14 | Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application |
| CVE-2021-0144 | 2021-07-14 | Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. |
| CVE-2019-11098 | 2021-07-14 | Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. |
| CVE-2021-33213 | 2021-07-14 | An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by... |
| CVE-2020-0417 | 2021-07-14 | In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2021-0514 | 2021-07-14 | In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process... |
| CVE-2021-0515 | 2021-07-14 | In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with... |
| CVE-2021-0486 | 2021-07-14 | In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2021-0441 | 2021-07-14 | In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2021-0590 | 2021-07-14 | In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could... |
| CVE-2021-33212 | 2021-07-14 | A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted... |
| CVE-2021-0599 | 2021-07-14 | In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no... |
| CVE-2021-0594 | 2021-07-14 | In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an... |
| CVE-2021-0597 | 2021-07-14 | In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2021-0518 | 2021-07-14 | In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0588 | 2021-07-14 | In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0602 | 2021-07-14 | In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead... |
| CVE-2021-0600 | 2021-07-14 | In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation... |
| CVE-2021-0604 | 2021-07-14 | In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional... |
| CVE-2021-0601 | 2021-07-14 | In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0589 | 2021-07-14 | In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2021-0596 | 2021-07-14 | In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional... |
| CVE-2021-0586 | 2021-07-14 | In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation... |
| CVE-2021-0603 | 2021-07-14 | In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with... |
| CVE-2021-0585 | 2021-07-14 | In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution... |
| CVE-2021-0587 | 2021-07-14 | In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0577 | 2021-07-14 | In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-33211 | 2021-07-14 | A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. |
| CVE-2021-0592 | 2021-07-14 | In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2020-20231 | 2021-07-14 | Mikrotik RouterOS through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2021-0654 | 2021-07-14 | In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges... |
| CVE-2021-22778 | 2021-07-14 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of... |
| CVE-2021-22779 | 2021-07-14 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert... |
| CVE-2021-22780 | 2021-07-14 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of... |
| CVE-2021-22781 | 2021-07-14 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of... |
| CVE-2021-22782 | 2021-07-14 | Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all... |
| CVE-2020-25444 | 2021-07-14 | Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy"... |
| CVE-2020-27379 | 2021-07-14 | Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. The CSRF token is not being validated when the request is sent as... |
| CVE-2020-25445 | 2021-07-14 | The "Subscribe" feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the Excel formula is not being sanitized by the application. As... |
| CVE-2021-36716 | 2021-07-14 | A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the... |
| CVE-2021-36740 | 2021-07-14 | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish... |
| CVE-2020-29146 | 2021-07-14 | A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field... |
| CVE-2020-29147 | 2021-07-14 | A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. |
| CVE-2021-31859 | 2021-07-14 | Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. |
| CVE-2021-23407 | 2021-07-14 | Directory Traversal |
| CVE-2020-18144 | 2021-07-14 | SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. |
| CVE-2020-18145 | 2021-07-14 | Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. |
| CVE-2021-31183 | 2021-07-14 | Windows TCP/IP Driver Denial of Service Vulnerability |
| CVE-2021-31196 | 2021-07-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-31206 | 2021-07-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-31947 | 2021-07-14 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-31961 | 2021-07-14 | Windows InstallService Elevation of Privilege Vulnerability |
| CVE-2021-31979 | 2021-07-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-31984 | 2021-07-14 | Power BI Remote Code Execution Vulnerability |
| CVE-2021-33740 | 2021-07-14 | Windows Media Remote Code Execution Vulnerability |