CVE List - 2021 / August

Showing 1301 - 1400 of 2087 CVEs for August 2021 (Page 14 of 21)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-23425 | 2021-08-18 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-23424 | 2021-08-18 | Regular Expression Denial of Service (ReDoS) |
| CVE-2020-23069 | 2021-08-18 | Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
| CVE-2020-28146 | 2021-08-18 | Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. |
| CVE-2020-18875 | 2021-08-18 | Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. |
| CVE-2021-39283 | 2021-08-18 | liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. |
| CVE-2021-39282 | 2021-08-18 | Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. |
| CVE-2021-37617 | 2021-08-18 | Untrusted Search Path in Nextcloud Desktop Client |
| CVE-2021-39286 | 2021-08-18 | Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped. |
| CVE-2020-22122 | 2021-08-18 | A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. |
| CVE-2020-22124 | 2021-08-18 | A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. |
| CVE-2020-22120 | 2021-08-18 | A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. |
| CVE-2021-25218 | 2021-08-18 | A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use |
| CVE-2020-19669 | 2021-08-18 | Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. |
| CVE-2020-25926 | 2021-08-18 | The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The... |
| CVE-2020-25927 | 2021-08-18 | The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall().... |
| CVE-2020-25767 | 2021-08-18 | An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within... |
| CVE-2020-25928 | 2021-08-18 | The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer().... |
| CVE-2021-39270 | 2021-08-18 | In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. |
| CVE-2021-1561 | 2021-08-18 | Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability |
| CVE-2021-34715 | 2021-08-18 | Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability |
| CVE-2021-34716 | 2021-08-18 | Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability |
| CVE-2021-34730 | 2021-08-18 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability |
| CVE-2021-34734 | 2021-08-18 | Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability |
| CVE-2021-34749 | 2021-08-18 | Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability |
| CVE-2021-34745 | 2021-08-18 | AppDynamics .NET Agent Privilege Escalation Vulnerability |
| CVE-2020-22345 | 2021-08-18 | /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. |
| CVE-2021-32588 | 2021-08-18 | A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker... |
| CVE-2021-39138 | 2021-08-18 | New anonymous user session acts as if it's created with password |
| CVE-2021-24038 | 2021-08-18 | Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects... |
| CVE-2021-32602 | 2021-08-18 | An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2... |
| CVE-2020-18899 | 2021-08-19 | An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. |
| CVE-2021-31338 | 2021-08-19 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a... |
| CVE-2021-31226 | 2021-08-19 | An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation.... |
| CVE-2021-31227 | 2021-08-19 | An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer... |
| CVE-2021-31228 | 2021-08-19 | An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that... |
| CVE-2021-31400 | 2021-08-19 | An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of... |
| CVE-2021-27565 | 2021-08-19 | The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as... |
| CVE-2021-36762 | 2021-08-19 | An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call... |
| CVE-2020-35683 | 2021-08-19 | An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to... |
| CVE-2020-35684 | 2021-08-19 | An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to... |
| CVE-2020-35685 | 2021-08-19 | An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result,... |
| CVE-2021-31401 | 2021-08-19 | An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length... |
| CVE-2021-39274 | 2021-08-19 | In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results... |
| CVE-2021-39273 | 2021-08-19 | In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary... |
| CVE-2021-27999 | 2021-08-19 | A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data... |
| CVE-2021-28000 | 2021-08-19 | A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the... |
| CVE-2021-28001 | 2021-08-19 | A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL... |
| CVE-2021-28002 | 2021-08-19 | A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the... |
| CVE-2021-37698 | 2021-08-19 | Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer |
| CVE-2021-27822 | 2021-08-19 | A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2021-31868 | 2021-08-19 | Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability |
| CVE-2021-34645 | 2021-08-19 | Shopping Cart & eCommerce Store <= 5.1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-29280 | 2021-08-19 | In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow |
| CVE-2020-18748 | 2021-08-19 | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a... |
| CVE-2021-39302 | 2021-08-19 | MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. |
| CVE-2020-20642 | 2021-08-19 | Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. |
| CVE-2020-20645 | 2021-08-19 | Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area. |
| CVE-2021-28490 | 2021-08-19 | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. |
| CVE-2021-37598 | 2021-08-19 | WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. |
| CVE-2021-37597 | 2021-08-19 | WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. |
| CVE-2020-18897 | 2021-08-19 | A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file. |
| CVE-2020-18898 | 2021-08-19 | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. |
| CVE-2020-18900 | 2021-08-19 | A heap-based buffer overflow exists in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub. |
| CVE-2020-18877 | 2021-08-20 | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. |
| CVE-2020-18878 | 2021-08-20 | Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'. |
| CVE-2020-18879 | 2021-08-20 | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. |
| CVE-2020-18885 | 2021-08-20 | Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. |
| CVE-2020-18886 | 2021-08-20 | Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. |
| CVE-2020-36474 | 2021-08-20 | SafeCurl before 0.9.2 has a DNS rebinding vulnerability. |
| CVE-2021-34207 | 2021-08-20 | Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email",... |
| CVE-2021-34215 | 2021-08-20 | Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. |
| CVE-2021-34218 | 2021-08-20 | Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access the /add/, /img/, /js/, and /mobile directories via GET Parameter. |
| CVE-2021-34220 | 2021-08-20 | Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. |
| CVE-2021-34223 | 2021-08-20 | Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. |
| CVE-2021-34228 | 2021-08-20 | Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. |
| CVE-2021-34433 | 2021-08-20 | In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side's signature on the client... |
| CVE-2021-21823 | 2021-08-20 | An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure... |
| CVE-2021-36748 | 2021-08-20 | A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via... |
| CVE-2021-35529 | 2021-08-20 | Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) |
| CVE-2021-22254 | 2021-08-20 | Under very specific conditions a user could be impersonated using GitLab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9. |
| CVE-2021-22246 | 2021-08-20 | A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. |
| CVE-2021-22238 | 2021-08-20 | An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. |
| CVE-2021-22255 | 2021-08-20 | SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. |
| CVE-2021-28590 | 2021-08-20 | Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-28593 | 2021-08-20 | Adobe Illustrator PostScript Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-28592 | 2021-08-20 | Adobe Illustrator JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-28589 | 2021-08-20 | Adobe Media Encoder TS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-28624 | 2021-08-20 | Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2021-28591 | 2021-08-20 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-28595 | 2021-08-20 | Adobe Dimension Uncontrolled Search Path Element Could Lead To Remote Code Execution |
| CVE-2021-28634 | 2021-08-20 | Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability |
| CVE-2021-28637 | 2021-08-20 | Adobe Acrobat Pro DC PDFLibTool Out-of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-28635 | 2021-08-20 | Adobe Acrobat Reader Use-After-Free Vulnerability |
| CVE-2021-28636 | 2021-08-20 | Adobe Acrobat Reader Unquoted Search Path Vulnerability |
| CVE-2021-28639 | 2021-08-20 | Adobe Acrobat Reader DC setAction Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-28638 | 2021-08-20 | Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2021-28641 | 2021-08-20 | Adobe Acrobat Reader Use-After-Free Arbitrary Code Execution Vulnerability |
| CVE-2021-28642 | 2021-08-20 | Adobe Acrobat Pro DC Out-of-Bounds Write Arbitrary Code Execution Vulnerability |
| CVE-2021-28640 | 2021-08-20 | Adobe Acrobat Reader Use-After-Free Arbitrary Code Execution Vulnerability |