CVE List - 2021 / August
Showing 1701 - 1800 of 2087 CVEs for August 2021 (Page 18 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-30959 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may... |
| CVE-2021-30960 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously... |
| CVE-2021-30961 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may... |
| CVE-2021-30962 | 2021-08-24 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to... |
| CVE-2021-30963 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may... |
| CVE-2021-30964 | 2021-08-24 | An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able... |
| CVE-2021-30965 | 2021-08-24 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be... |
| CVE-2021-30966 | 2021-08-24 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly... |
| CVE-2021-30967 | 2021-08-24 | Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information. |
| CVE-2021-30968 | 2021-08-24 | A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update... |
| CVE-2021-30969 | 2021-08-24 | A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected... |
| CVE-2021-30970 | 2021-08-24 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy... |
| CVE-2021-30971 | 2021-08-24 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008... |
| CVE-2021-30972 | 2021-08-24 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy... |
| CVE-2021-30973 | 2021-08-24 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina.... |
| CVE-2021-30975 | 2021-08-24 | This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2.... |
| CVE-2021-30976 | 2021-08-24 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass... |
| CVE-2021-30977 | 2021-08-24 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be... |
| CVE-2021-30979 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008... |
| CVE-2021-30980 | 2021-08-24 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS... |
| CVE-2021-30981 | 2021-08-24 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able... |
| CVE-2021-30982 | 2021-08-24 | A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able... |
| CVE-2021-30983 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with... |
| CVE-2021-30984 | 2021-08-24 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously... |
| CVE-2021-30985 | 2021-08-24 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code... |
| CVE-2021-30986 | 2021-08-24 | A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address. |
| CVE-2021-30987 | 2021-08-24 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs. |
| CVE-2021-30988 | 2021-08-24 | Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications... |
| CVE-2021-30990 | 2021-08-24 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper... |
| CVE-2021-30991 | 2021-08-24 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with... |
| CVE-2021-30992 | 2021-08-24 | This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive... |
| CVE-2021-30993 | 2021-08-24 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in... |
| CVE-2021-30994 | 2021-08-24 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. |
| CVE-2021-30995 | 2021-08-24 | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and... |
| CVE-2021-30996 | 2021-08-24 | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute... |
| CVE-2021-30997 | 2021-08-24 | A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS... |
| CVE-2021-30998 | 2021-08-24 | A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS... |
| CVE-2021-30999 | 2021-08-24 | The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history. |
| CVE-2021-31000 | 2021-08-24 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be... |
| CVE-2021-31001 | 2021-08-24 | An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to... |
| CVE-2021-31002 | 2021-08-24 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary... |
| CVE-2021-31004 | 2021-08-24 | A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. |
| CVE-2021-31005 | 2021-08-24 | Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may... |
| CVE-2021-31006 | 2021-08-24 | Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass... |
| CVE-2021-31007 | 2021-08-24 | Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1.... |
| CVE-2021-31008 | 2021-08-24 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing... |
| CVE-2021-31009 | 2021-08-24 | Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. |
| CVE-2021-31010 | 2021-08-24 | A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2.... |
| CVE-2021-31013 | 2021-08-24 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted... |
| CVE-2021-39509 | 2021-08-24 | An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete... |
| CVE-2021-39510 | 2021-08-24 | An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string... |
| CVE-2020-18913 | 2021-08-24 | EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. |
| CVE-2020-18917 | 2021-08-24 | The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. |
| CVE-2021-32777 | 2021-08-24 | Incorrect concatenation of multiple value request headers in ext-authz extension |
| CVE-2021-32778 | 2021-08-24 | Excessive CPU utilization when closing HTTP/2 streams |
| CVE-2021-32779 | 2021-08-24 | Incorrectly handling of URI '#fragment' element as part of the path element |
| CVE-2021-32781 | 2021-08-24 | Continued processing of requests after locally generated response |
| CVE-2021-32780 | 2021-08-24 | Incorrect handling of H/2 GOAWAY followed by SETTINGS frames |
| CVE-2021-39155 | 2021-08-24 | Authorization Policy Bypass Due to Case Insensitive Host Comparison |
| CVE-2021-39156 | 2021-08-24 | Fragments in Path May Lead to Authorization Policy Bypass |
| CVE-2021-3605 | 2021-08-25 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause... |
| CVE-2021-40084 | 2021-08-25 | opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers... |
| CVE-2021-40083 | 2021-08-25 | Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). |
| CVE-2021-40089 | 2021-08-25 | An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able... |
| CVE-2021-40088 | 2021-08-25 | An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate... |
| CVE-2021-40087 | 2021-08-25 | An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret... |
| CVE-2021-40086 | 2021-08-25 | An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a... |
| CVE-2021-39112 | 2021-08-25 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The... |
| CVE-2021-33882 | 2021-08-25 | A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of... |
| CVE-2021-33883 | 2021-08-25 | A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed... |
| CVE-2021-33884 | 2021-08-25 | An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device... |
| CVE-2021-33885 | 2021-08-25 | An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in... |
| CVE-2021-33886 | 2021-08-25 | An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight... |
| CVE-2021-33605 | 2021-08-25 | Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 |
| CVE-2018-10790 | 2021-08-25 | The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac. |
| CVE-2020-18971 | 2021-08-25 | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. |
| CVE-2020-18972 | 2021-08-25 | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. |
| CVE-2020-18974 | 2021-08-25 | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. |
| CVE-2020-18976 | 2021-08-25 | Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to... |
| CVE-2021-39136 | 2021-08-25 | Cross-site scripting vulnerability in file upload |
| CVE-2021-39160 | 2021-08-25 | Code injection in nbgitpuller |
| CVE-2021-32995 | 2021-08-25 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability... |
| CVE-2021-32975 | 2021-08-25 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability... |
| CVE-2021-33015 | 2021-08-25 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker... |
| CVE-2021-21869 | 2021-08-25 | An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution.... |
| CVE-2021-21835 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated... |
| CVE-2021-21834 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for... |
| CVE-2021-39159 | 2021-08-25 | Remote code execution in Binderhub |
| CVE-2021-21836 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code... |
| CVE-2021-21840 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom... |
| CVE-2021-21842 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow... |
| CVE-2021-21841 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using... |
| CVE-2021-21849 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow... |
| CVE-2021-21848 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with... |
| CVE-2021-21850 | 2021-08-25 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow... |
| CVE-2021-21778 | 2021-08-25 | A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An... |
| CVE-2021-22250 | 2021-08-25 | Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account |
| CVE-2021-31989 | 2021-08-25 | A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager... |
| CVE-2021-22256 | 2021-08-25 | Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status |
| CVE-2021-22245 | 2021-08-25 | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view |