CVE List - 2021 / August
Showing 1801 - 1900 of 2087 CVEs for August 2021 (Page 19 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-22247 | 2021-08-25 | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics |
| CVE-2021-22244 | 2021-08-25 | Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data |
| CVE-2021-22243 | 2021-08-25 | Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. |
| CVE-2021-22237 | 2021-08-25 | Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before... |
| CVE-2021-22242 | 2021-08-25 | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown |
| CVE-2021-22236 | 2021-08-25 | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. |
| CVE-2021-3713 | 2021-08-25 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked,... |
| CVE-2021-1523 | 2021-08-25 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability |
| CVE-2021-1577 | 2021-08-25 | Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability |
| CVE-2021-1578 | 2021-08-25 | Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability |
| CVE-2021-1579 | 2021-08-25 | Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability |
| CVE-2021-1580 | 2021-08-25 | Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities |
| CVE-2021-1581 | 2021-08-25 | Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities |
| CVE-2021-1582 | 2021-08-25 | Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability |
| CVE-2021-1583 | 2021-08-25 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability |
| CVE-2021-1584 | 2021-08-25 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability |
| CVE-2021-1586 | 2021-08-25 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability |
| CVE-2021-1587 | 2021-08-25 | Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability |
| CVE-2021-1588 | 2021-08-25 | Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability |
| CVE-2021-1590 | 2021-08-25 | Cisco NX-OS Software system login block-for Denial of Service Vulnerability |
| CVE-2021-1591 | 2021-08-25 | Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability |
| CVE-2021-1592 | 2021-08-25 | Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability |
| CVE-2020-18065 | 2021-08-25 | Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu. |
| CVE-2020-19547 | 2021-08-25 | Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. |
| CVE-2021-28070 | 2021-08-25 | Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. |
| CVE-2021-37154 | 2021-08-25 | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. |
| CVE-2021-37153 | 2021-08-25 | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. |
| CVE-2021-37334 | 2021-08-25 | Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion.... |
| CVE-2021-40145 | 2021-08-26 | gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format... |
| CVE-2021-20793 | 2021-08-26 | Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain... |
| CVE-2021-20808 | 2021-08-26 | Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type... |
| CVE-2021-20809 | 2021-08-26 | Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier... |
| CVE-2021-20810 | 2021-08-26 | Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable... |
| CVE-2021-20811 | 2021-08-26 | Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series),... |
| CVE-2021-20812 | 2021-08-26 | Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44... |
| CVE-2021-20813 | 2021-08-26 | Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier... |
| CVE-2021-20814 | 2021-08-26 | Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and... |
| CVE-2021-20815 | 2021-08-26 | Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable... |
| CVE-2020-19703 | 2021-08-26 | A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2020-19704 | 2021-08-26 | A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19709 | 2021-08-26 | Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload. |
| CVE-2020-19705 | 2021-08-26 | thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. |
| CVE-2020-19821 | 2021-08-26 | A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. |
| CVE-2020-19822 | 2021-08-26 | A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. |
| CVE-2020-14161 | 2021-08-26 | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. |
| CVE-2020-14160 | 2021-08-26 | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet... |
| CVE-2021-27944 | 2021-08-26 | Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to... |
| CVE-2021-38559 | 2021-08-26 | DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. |
| CVE-2021-3734 | 2021-08-26 | Improper Restriction of Rendered UI Layers or Frames in yourls/yourls |
| CVE-2021-36352 | 2021-08-26 | Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters. |
| CVE-2021-32076 | 2021-08-26 | Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass |
| CVE-2021-40147 | 2021-08-26 | EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. |
| CVE-2021-30590 | 2021-08-26 | Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30591 | 2021-08-26 | Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30592 | 2021-08-26 | Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of... |
| CVE-2021-30593 | 2021-08-26 | Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of... |
| CVE-2021-30594 | 2021-08-26 | Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. |
| CVE-2021-30596 | 2021-08-26 | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2021-30597 | 2021-08-26 | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. |
| CVE-2021-36928 | 2021-08-26 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2021-36929 | 2021-08-26 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2021-36931 | 2021-08-26 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2020-18467 | 2021-08-26 | Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing... |
| CVE-2020-18468 | 2021-08-26 | Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing... |
| CVE-2020-18469 | 2021-08-26 | Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script... |
| CVE-2020-18470 | 2021-08-26 | Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2020-18475 | 2021-08-26 | Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and... |
| CVE-2020-18476 | 2021-08-26 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. |
| CVE-2020-18477 | 2021-08-26 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. |
| CVE-2021-30598 | 2021-08-26 | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2021-30599 | 2021-08-26 | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2021-30600 | 2021-08-26 | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2021-30601 | 2021-08-26 | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2021-30602 | 2021-08-26 | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a... |
| CVE-2021-30603 | 2021-08-26 | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30604 | 2021-08-26 | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-32648 | 2021-08-26 | Account Takeover in Octobercms |
| CVE-2021-29487 | 2021-08-26 | Authentication bypass in Octobercms |
| CVE-2021-29715 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018. |
| CVE-2021-29727 | 2021-08-26 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. |
| CVE-2021-29772 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. |
| CVE-2021-29801 | 2021-08-26 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. |
| CVE-2021-29862 | 2021-08-26 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID:... |
| CVE-2021-37715 | 2021-08-26 | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this... |
| CVE-2021-39161 | 2021-08-26 | Cross-site scripting via category name in Discourse |
| CVE-2021-39165 | 2021-08-26 | Unauthenticated SQL Injection |
| CVE-2020-20675 | 2021-08-26 | Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. |
| CVE-2021-39168 | 2021-08-26 | TimelockController vulnerability in OpenZeppelin Contracts |
| CVE-2021-39167 | 2021-08-26 | TimelockController vulnerability in OpenZeppelin Contracts |
| CVE-2020-23226 | 2021-08-27 | Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. |
| CVE-2021-40153 | 2021-08-27 | squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is... |
| CVE-2021-40142 | 2021-08-27 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory... |
| CVE-2021-35342 | 2021-08-27 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token... |
| CVE-2021-39169 | 2021-08-27 | XSS vulnerability using dialog |
| CVE-2021-29744 | 2021-08-27 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-36531 | 2021-08-27 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. |
| CVE-2021-36530 | 2021-08-27 | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. |
| CVE-2021-23434 | 2021-08-27 | Prototype Pollution |
| CVE-2021-32758 | 2021-08-27 | Layout XML Arbitrary Code Fix |
| CVE-2021-3264 | 2021-08-27 | SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. |