CVE List - 2021 / August
Showing 1 - 100 of 2087 CVEs for August 2021 (Page 1 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24444 | 2021-08-02 | TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-33196 | 2021-08-02 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. |
| CVE-2017-18113 | 2021-08-02 | The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary... |
| CVE-2021-35477 | 2021-08-02 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation... |
| CVE-2021-34556 | 2021-08-02 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the... |
| CVE-2021-3351 | 2021-08-02 | OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. |
| CVE-2021-33526 | 2021-08-02 | Privilege escalation in mbDIALUP <= 3.9R0.0 |
| CVE-2021-33527 | 2021-08-02 | OS Command Injection in mbDIALUP <= 3.9R0.0 |
| CVE-2021-34574 | 2021-08-02 | Password policy evasion in products of MB connect line and Helmholz |
| CVE-2021-34575 | 2021-08-02 | Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0 |
| CVE-2021-24371 | 2021-08-02 | RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF |
| CVE-2021-24425 | 2021-08-02 | myStickymenu < 2.5.2 - Authenticated Stored XSS |
| CVE-2021-24428 | 2021-08-02 | RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS |
| CVE-2021-24430 | 2021-08-02 | Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE |
| CVE-2021-24443 | 2021-08-02 | Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography |
| CVE-2021-24448 | 2021-08-02 | Profile Builder < 3.4.8 - Authenticated Stored XSS |
| CVE-2021-24450 | 2021-08-02 | ProfilePress < 3.1.8 - Authenticated Stored XSS |
| CVE-2021-24455 | 2021-08-02 | Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24456 | 2021-08-02 | Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections |
| CVE-2021-24457 | 2021-08-02 | Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections |
| CVE-2021-24458 | 2021-08-02 | Popup box < 2.3.4 - Authenticated Blind SQL Injections |
| CVE-2021-24459 | 2021-08-02 | Survey Maker < 1.5.6 - Authenticated Blind SQL Injections |
| CVE-2021-24460 | 2021-08-02 | Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections |
| CVE-2021-24461 | 2021-08-02 | FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections |
| CVE-2021-24462 | 2021-08-02 | Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections |
| CVE-2021-24463 | 2021-08-02 | Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection |
| CVE-2021-24464 | 2021-08-02 | YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS |
| CVE-2021-24468 | 2021-08-02 | Leaflet Map < 3.0.0 - Contributor+ Stored XSS |
| CVE-2021-24470 | 2021-08-02 | Yada Wiki < 3.4.1 - Contributor+ Stored XSS |
| CVE-2021-24472 | 2021-08-02 | Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF |
| CVE-2021-24473 | 2021-08-02 | User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR |
| CVE-2021-24474 | 2021-08-02 | Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS) |
| CVE-2021-24476 | 2021-08-02 | Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24477 | 2021-08-02 | Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24478 | 2021-08-02 | Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24479 | 2021-08-02 | DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24480 | 2021-08-02 | Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS) |
| CVE-2021-24481 | 2021-08-02 | Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24483 | 2021-08-02 | Poll Maker < 3.2.1 - Authenticated Blind SQL Injections |
| CVE-2021-24484 | 2021-08-02 | Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections |
| CVE-2021-24488 | 2021-08-02 | Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24492 | 2021-08-02 | Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection |
| CVE-2021-24496 | 2021-08-02 | Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24498 | 2021-08-02 | Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24503 | 2021-08-02 | Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS |
| CVE-2021-24504 | 2021-08-02 | WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS) |
| CVE-2021-37165 | 2021-08-02 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent... |
| CVE-2021-37216 | 2021-08-02 | QSAN Storage Manager - Reflected Cross-Site Scripting |
| CVE-2021-37161 | 2021-08-02 | A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer... |
| CVE-2021-37160 | 2021-08-02 | A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation... |
| CVE-2021-37166 | 2021-08-02 | A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7.... |
| CVE-2021-37167 | 2021-08-02 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using... |
| CVE-2021-37163 | 2021-08-02 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts... |
| CVE-2021-37164 | 2021-08-02 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the... |
| CVE-2021-37162 | 2021-08-02 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a... |
| CVE-2021-20332 | 2021-08-02 | MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application |
| CVE-2021-37840 | 2021-08-02 | aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one... |
| CVE-2021-29741 | 2021-08-02 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478. |
| CVE-2021-22552 | 2021-08-02 | Memory overread secure enclave in Asylo 0.6.2 |
| CVE-2021-29757 | 2021-08-02 | IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2021-22396 | 2021-08-02 | There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products.... |
| CVE-2021-22398 | 2021-08-02 | There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. Successful exploit could allow the attacker... |
| CVE-2021-22397 | 2021-08-02 | There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files lack verification when they are called. Attackers can exploit this vulnerability by... |
| CVE-2021-20539 | 2021-08-02 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used... |
| CVE-2021-20540 | 2021-08-02 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used... |
| CVE-2021-20541 | 2021-08-02 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used... |
| CVE-2021-29696 | 2021-08-02 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially... |
| CVE-2021-29697 | 2021-08-02 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used... |
| CVE-2021-22381 | 2021-08-02 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause an infinite loop in DoS. |
| CVE-2021-22379 | 2021-08-02 | There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. |
| CVE-2021-22384 | 2021-08-02 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. |
| CVE-2021-22387 | 2021-08-02 | There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to remotely execute commands. |
| CVE-2021-22388 | 2021-08-02 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause certain codes to be executed. |
| CVE-2021-22389 | 2021-08-02 | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause certain codes to be executed. |
| CVE-2021-22390 | 2021-08-02 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause certain codes to be executed. |
| CVE-2021-22391 | 2021-08-02 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22392 | 2021-08-02 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses. |
| CVE-2021-22412 | 2021-08-02 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause random kernel address access. |
| CVE-2021-22413 | 2021-08-02 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22414 | 2021-08-02 | There is a Memory Buffer Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22415 | 2021-08-02 | There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause kernel exceptions with the code. |
| CVE-2021-22427 | 2021-08-02 | There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. |
| CVE-2021-22428 | 2021-08-02 | There is an Incomplete Cleanup Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. |
| CVE-2021-22435 | 2021-08-02 | There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. |
| CVE-2021-22438 | 2021-08-02 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-22442 | 2021-08-02 | There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22443 | 2021-08-02 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause random address access. |
| CVE-2021-22444 | 2021-08-02 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code injection. |
| CVE-2021-22445 | 2021-08-02 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22446 | 2021-08-02 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-22447 | 2021-08-02 | There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset. |
| CVE-2021-3673 | 2021-08-02 | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. |
| CVE-2021-32806 | 2021-08-02 | URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal |
| CVE-2021-32810 | 2021-08-02 | Data race in crossbeam-deque |
| CVE-2021-37843 | 2021-08-02 | The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided).... |
| CVE-2021-33195 | 2021-08-02 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection... |
| CVE-2021-33197 | 2021-08-02 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. |
| CVE-2021-33198 | 2021-08-02 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. |
| CVE-2021-35450 | 2021-08-02 | A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute |
| CVE-2021-37847 | 2021-08-02 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. |