CVE List - 2021 / August
Showing 1401 - 1500 of 2087 CVEs for August 2021 (Page 15 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-28643 | 2021-08-20 | Adobe Acrobat Pro DC embedDocAsDataObject Type Confusion Information Disclosure Vulnerability |
| CVE-2021-35983 | 2021-08-20 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-35985 | 2021-08-20 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug |
| CVE-2021-35981 | 2021-08-20 | Adobe Acrobat Reader DC launchURL Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-35986 | 2021-08-20 | Adobe Acrobat Pro DC getAnnot Type Confusion Information Disclosure Vulnerability |
| CVE-2021-35987 | 2021-08-20 | Adobe Acrobat Pro DC PDFLibTool Out-of-Bound Read |
| CVE-2021-35984 | 2021-08-20 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug |
| CVE-2021-35988 | 2021-08-20 | Adobe Acrobat Pro DC Out-of-Bounds Read Bug |
| CVE-2021-35989 | 2021-08-20 | Adobe Bridge PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-35991 | 2021-08-20 | Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-35997 | 2021-08-20 | Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-35990 | 2021-08-20 | Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-35992 | 2021-08-20 | Adobe Bridge PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-36000 | 2021-08-20 | Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability |
| CVE-2021-35999 | 2021-08-20 | Adobe Prelude Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-36001 | 2021-08-20 | Adobe Character Animator PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-36005 | 2021-08-20 | Adobe Photoshop PSD File Parsing Stack Overflow Vulnerability |
| CVE-2021-36007 | 2021-08-20 | Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-36006 | 2021-08-20 | Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-36009 | 2021-08-20 | Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-36008 | 2021-08-20 | Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-36011 | 2021-08-20 | Adobe Illustrator improper neutralization of special elements used in an OS command |
| CVE-2021-36010 | 2021-08-20 | Adobe Illustrator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-36015 | 2021-08-20 | Adobe Media Encoder Memory Corruption Could Lead To Remote Code Execution |
| CVE-2021-36014 | 2021-08-20 | Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-36016 | 2021-08-20 | Adobe Media Encoder FLV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2020-25351 | 2021-08-20 | An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent... |
| CVE-2020-25352 | 2021-08-20 | A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary JavaScript execution through entering... |
| CVE-2020-25353 | 2021-08-20 | A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr... |
| CVE-2020-25359 | 2021-08-20 | An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path... |
| CVE-2020-27461 | 2021-08-20 | A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website... |
| CVE-2020-27464 | 2021-08-20 | An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2020-27466 | 2021-08-20 | An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2020-24130 | 2021-08-20 | A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. |
| CVE-2021-21826 | 2021-08-20 | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a... |
| CVE-2021-21827 | 2021-08-20 | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a... |
| CVE-2021-21828 | 2021-08-20 | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in... |
| CVE-2021-38171 | 2021-08-21 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. |
| CVE-2021-39359 | 2021-08-22 | In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to... |
| CVE-2021-39361 | 2021-08-22 | In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to... |
| CVE-2021-39360 | 2021-08-22 | In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to... |
| CVE-2021-39358 | 2021-08-22 | In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to... |
| CVE-2021-39362 | 2021-08-22 | An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in... |
| CVE-2021-39365 | 2021-08-22 | In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to... |
| CVE-2021-39367 | 2021-08-22 | Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. |
| CVE-2021-39368 | 2021-08-22 | Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. |
| CVE-2020-18771 | 2021-08-23 | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. |
| CVE-2020-18773 | 2021-08-23 | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DoS) via a crafted tif file. |
| CVE-2020-18774 | 2021-08-23 | A floating point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DoS) via a crafted tif file. |
| CVE-2020-36475 | 2021-08-23 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters... |
| CVE-2020-36476 | 2021-08-23 | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application... |
| CVE-2020-36477 | 2021-08-23 | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name... |
| CVE-2020-36478 | 2021-08-23 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size... |
| CVE-2021-37750 | 2021-08-23 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that... |
| CVE-2021-39144 | 2021-08-23 | XStream is vulnerable to a Remote Command Execution attack |
| CVE-2021-39371 | 2021-08-23 | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1... |
| CVE-2021-38598 | 2021-08-23 | OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets,... |
| CVE-2021-39243 | 2021-08-23 | Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto... |
| CVE-2021-39244 | 2021-08-23 | Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0,... |
| CVE-2021-39245 | 2021-08-23 | Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto... |
| CVE-2021-39289 | 2021-08-23 | Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800,... |
| CVE-2021-39290 | 2021-08-23 | Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700,... |
| CVE-2021-39291 | 2021-08-23 | Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810,... |
| CVE-2021-35940 | 2021-08-23 | Regression of CVE-2017-12613 |
| CVE-2021-33598 | 2021-08-23 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-24486 | 2021-08-23 | Simple Social Media Share Buttons < 3.2.3 - Contributor+ Stored XSS |
| CVE-2021-24497 | 2021-08-23 | Giveaway <= 1.2.2 - Authenticated SQL Injection |
| CVE-2021-24506 | 2021-08-23 | Slider Hero < 8.2.7 - Contributor+ SQL Injection |
| CVE-2021-24524 | 2021-08-23 | GiveWP < 2.12.0 - Authenticated Stored XSS |
| CVE-2021-24529 | 2021-08-23 | Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS) |
| CVE-2021-24531 | 2021-08-23 | Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24533 | 2021-08-23 | Maintenance < 4.03 - Authenticated Stored XSS |
| CVE-2021-24547 | 2021-08-23 | KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS |
| CVE-2021-24549 | 2021-08-23 | AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access |
| CVE-2021-24550 | 2021-08-23 | Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection |
| CVE-2021-24551 | 2021-08-23 | Edit Comments <= 0.3 - Unauthenticated SQL Injection |
| CVE-2021-24552 | 2021-08-23 | Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection |
| CVE-2021-24553 | 2021-08-23 | Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection |
| CVE-2021-24554 | 2021-08-23 | Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection |
| CVE-2021-24555 | 2021-08-23 | Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection |
| CVE-2021-24556 | 2021-08-23 | Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24557 | 2021-08-23 | M-vSlider <= 2.1.3 - Authenticated (admin+) SQL Injection |
| CVE-2021-24558 | 2021-08-23 | Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24561 | 2021-08-23 | WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24562 | 2021-08-23 | LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR |
| CVE-2021-24564 | 2021-08-23 | WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS |
| CVE-2021-24565 | 2021-08-23 | Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS |
| CVE-2021-24571 | 2021-08-23 | HD Quiz < 1.8.4 - Authenticated Stored XSS |
| CVE-2021-24574 | 2021-08-23 | Simple Banner < 2.10.4 - Authenticated Stored XSS |
| CVE-2021-24602 | 2021-08-23 | HM Multiple Roles < 1.3 - Arbitrary Role Change |
| CVE-2021-24658 | 2021-08-23 | Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-3693 | 2021-08-23 | Cross-site Scripting (XSS) - DOM in ledgersmb/ledgersmb |
| CVE-2021-3694 | 2021-08-23 | Cross-site Scripting (XSS) - Reflected in ledgersmb/ledgersmb |
| CVE-2021-3728 | 2021-08-23 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3729 | 2021-08-23 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3730 | 2021-08-23 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3731 | 2021-08-23 | Improper Restriction of Rendered UI Layers or Frames in ledgersmb/ledgersmb |
| CVE-2021-35465 | 2021-08-23 | Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a... |
| CVE-2021-29704 | 2021-08-23 | IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2021-29802 | 2021-08-23 | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |