CVE List - 2021 / July
Showing 801 - 900 of 1581 CVEs for July 2021 (Page 9 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34691 | 2021-07-15 | iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. |
| CVE-2021-34692 | 2021-07-15 | iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. |
| CVE-2021-34558 | 2021-07-15 | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA based... |
| CVE-2020-15496 | 2021-07-15 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. |
| CVE-2020-25593 | 2021-07-15 | Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. |
| CVE-2020-15495 | 2021-07-15 | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. |
| CVE-2021-32739 | 2021-07-15 | Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities |
| CVE-2020-12731 | 2021-07-15 | The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. |
| CVE-2020-12730 | 2021-07-15 | MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. |
| CVE-2020-12729 | 2021-07-15 | MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. |
| CVE-2020-12734 | 2021-07-15 | DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to... |
| CVE-2020-12733 | 2021-07-15 | Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. |
| CVE-2020-12732 | 2021-07-15 | DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. |
| CVE-2021-27847 | 2021-07-15 | Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. |
| CVE-2021-27845 | 2021-07-15 | A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c |
| CVE-2021-20439 | 2021-07-15 | IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. |
| CVE-2021-29725 | 2021-07-15 | IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to... |
| CVE-2021-29749 | 2021-07-15 | IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the... |
| CVE-2021-32743 | 2021-07-15 | Passwords used to access external services inadvertently exposed through API |
| CVE-2021-21586 | 2021-07-15 | Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the... |
| CVE-2021-21587 | 2021-07-15 | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files... |
| CVE-2021-32750 | 2021-07-15 | De-anonymization via message |
| CVE-2021-3042 | 2021-07-15 | Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation |
| CVE-2021-3043 | 2021-07-15 | Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console |
| CVE-2021-34429 | 2021-07-15 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This... |
| CVE-2020-11633 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute... |
| CVE-2021-20496 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. |
| CVE-2021-20497 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 |
| CVE-2021-20498 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. |
| CVE-2021-20499 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2021-20500 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. |
| CVE-2021-20510 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 |
| CVE-2021-20511 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../)... |
| CVE-2021-20523 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2021-20524 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-20533 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 |
| CVE-2021-20534 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web... |
| CVE-2021-20537 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or... |
| CVE-2021-29699 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force... |
| CVE-2021-29742 | 2021-07-15 | IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. |
| CVE-2021-34827 | 2021-07-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-34828 | 2021-07-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-34829 | 2021-07-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-34830 | 2021-07-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-35056 | 2021-07-15 | Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. |
| CVE-2021-32770 | 2021-07-15 | Basic-auth app bundle credential exposure in gatsby-source-wordpress |
| CVE-2021-36753 | 2021-07-15 | sharkdp BAT before 0.18.2 executes less.exe from the current working directory. |
| CVE-2020-11632 | 2021-07-15 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. |
| CVE-2020-11634 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary... |
| CVE-2021-0276 | 2021-07-15 | Steel-Belted Radius Carrier Edition: Remote code execution vulnerability when EAP Authentication is configured. |
| CVE-2021-0277 | 2021-07-15 | Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd |
| CVE-2021-0278 | 2021-07-15 | Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. |
| CVE-2021-0279 | 2021-07-15 | Contrail Cloud: Hardcoded credentials for RabbitMQ service |
| CVE-2021-0280 | 2021-07-15 | Junos OS: PTX Series, QFX10K Series: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine |
| CVE-2021-0281 | 2021-07-15 | Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI |
| CVE-2021-0282 | 2021-07-15 | Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled |
| CVE-2021-0283 | 2021-07-15 | Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) |
| CVE-2021-0285 | 2021-07-15 | Junos OS: QFX5000 Series and EX4600 Series: Continuous traffic destined to a device configured with MC-LAG leading to nodes losing their control connection which can impact traffic |
| CVE-2021-0286 | 2021-07-15 | Junos OS Evolved: Specially crafted packets may cause the AFT manager process to crash and restart |
| CVE-2021-0287 | 2021-07-15 | Junos OS and Junos OS Evolved: RPD could crash in SR-ISIS/MPLS environment due to a flap of an ISIS link in the network |
| CVE-2021-0288 | 2021-07-15 | Junos OS: MX Series, EX9200 Series: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs |
| CVE-2021-0289 | 2021-07-15 | Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted |
| CVE-2021-0290 | 2021-07-15 | Junos OS: MX Series, EX9200 Series, SRX4600: Ethernet interface vulnerable to specially crafted frames |
| CVE-2021-0291 | 2021-07-15 | Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service |
| CVE-2021-0292 | 2021-07-15 | Junos OS Evolved: Memory leak in arpd or ndp processes can lead to Denial of Service (DoS) |
| CVE-2021-0293 | 2021-07-15 | Junos OS: Out-of-memory condition and crashes can occur after executing a certain CLI command repeatedly |
| CVE-2021-0294 | 2021-07-15 | Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service |
| CVE-2021-0295 | 2021-07-15 | Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. |
| CVE-2021-32764 | 2021-07-15 | YouTube Onebox susceptible to XSS |
| CVE-2020-23705 | 2021-07-15 | A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. |
| CVE-2020-23706 | 2021-07-15 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. |
| CVE-2020-23707 | 2021-07-15 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. |
| CVE-2021-36755 | 2021-07-15 | Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. |
| CVE-2021-36758 | 2021-07-15 | 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create... |
| CVE-2021-32749 | 2021-07-16 | Possible RCE vulnerability in mailing action using mailutils (mail-whois) |
| CVE-2021-3647 | 2021-07-16 | Open Redirect in medialize/URI.js |
| CVE-2021-21820 | 2021-07-16 | A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a... |
| CVE-2021-21819 | 2021-07-16 | A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send... |
| CVE-2021-21818 | 2021-07-16 | A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker... |
| CVE-2021-21817 | 2021-07-16 | An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An... |
| CVE-2021-21816 | 2021-07-16 | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send... |
| CVE-2021-21799 | 2021-07-16 | Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code... |
| CVE-2021-21800 | 2021-07-16 | Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code... |
| CVE-2021-21804 | 2021-07-16 | A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution.... |
| CVE-2021-21801 | 2021-07-16 | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can... |
| CVE-2021-21802 | 2021-07-16 | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can... |
| CVE-2021-21803 | 2021-07-16 | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can... |
| CVE-2021-28114 | 2021-07-16 | Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. |
| CVE-2021-1422 | 2021-07-16 | Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability |
| CVE-2021-3649 | 2021-07-16 | Inefficient Regular Expression Complexity in chatwoot/chatwoot |
| CVE-2021-28054 | 2021-07-16 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or... |
| CVE-2021-28053 | 2021-07-16 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL... |
| CVE-2021-35961 | 2021-07-16 | TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials |
| CVE-2021-35962 | 2021-07-16 | TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal |
| CVE-2020-4675 | 2021-07-16 | IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the... |
| CVE-2020-4821 | 2021-07-16 | IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.... |
| CVE-2020-4980 | 2021-07-16 | IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest.... |
| CVE-2021-32769 | 2021-07-16 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core |
| CVE-2021-34438 | 2021-07-16 | Windows Font Driver Host Remote Code Execution Vulnerability |
| CVE-2021-34439 | 2021-07-16 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |