CVE List - 2021 / August
Showing 201 - 300 of 2087 CVEs for August 2021 (Page 3 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-30573 | 2021-08-03 | Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30574 | 2021-08-03 | Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30575 | 2021-08-03 | Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2021-30576 | 2021-08-03 | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30577 | 2021-08-03 | Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. |
| CVE-2021-30578 | 2021-08-03 | Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
| CVE-2021-30579 | 2021-08-03 | Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30580 | 2021-08-03 | Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via... |
| CVE-2021-30581 | 2021-08-03 | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30582 | 2021-08-03 | Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-30583 | 2021-08-03 | Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-30584 | 2021-08-03 | Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2021-30585 | 2021-08-03 | Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30586 | 2021-08-03 | Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit... |
| CVE-2021-30587 | 2021-08-03 | Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2021-30588 | 2021-08-03 | Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30589 | 2021-08-03 | Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. |
| CVE-2021-33331 | 2021-08-03 | Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix... |
| CVE-2021-33333 | 2021-08-03 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does... |
| CVE-2021-33334 | 2021-08-03 | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6,... |
| CVE-2021-33332 | 2021-08-03 | Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows... |
| CVE-2021-33335 | 2021-08-03 | Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to... |
| CVE-2021-38084 | 2021-08-03 | An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted... |
| CVE-2020-19301 | 2021-08-03 | A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. |
| CVE-2020-19302 | 2021-08-03 | An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php". |
| CVE-2020-19303 | 2021-08-03 | An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2020-19304 | 2021-08-03 | An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. |
| CVE-2020-19305 | 2021-08-03 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. |
| CVE-2021-33403 | 2021-08-03 | An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large... |
| CVE-2021-34270 | 2021-08-03 | An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses. |
| CVE-2021-34272 | 2021-08-03 | A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the... |
| CVE-2021-34273 | 2021-08-03 | A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the... |
| CVE-2021-32813 | 2021-08-03 | Drop Headers via Malicious Connection Header |
| CVE-2021-37231 | 2021-08-04 | A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. |
| CVE-2021-37232 | 2021-08-04 | A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64. |
| CVE-2021-38115 | 2021-08-04 | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. |
| CVE-2021-38111 | 2021-08-04 | The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol. |
| CVE-2021-36483 | 2021-08-04 | DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. |
| CVE-2021-35397 | 2021-08-04 | A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack... |
| CVE-2021-33339 | 2021-08-04 | Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script... |
| CVE-2021-3680 | 2021-08-04 | Missing Cryptographic Step in star7th/showdoc |
| CVE-2021-33336 | 2021-08-04 | Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through... |
| CVE-2021-33338 | 2021-08-04 | The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which... |
| CVE-2021-3678 | 2021-08-04 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc |
| CVE-2021-33337 | 2021-08-04 | Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix... |
| CVE-2021-26098 | 2021-08-04 | An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state... |
| CVE-2021-35463 | 2021-08-04 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the... |
| CVE-2021-36765 | 2021-08-04 | In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. |
| CVE-2021-32594 | 2021-08-04 | An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to... |
| CVE-2021-32590 | 2021-08-04 | Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an... |
| CVE-2021-36764 | 2021-08-04 | In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in... |
| CVE-2020-4707 | 2021-08-04 | IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-29765 | 2021-08-04 | IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476. |
| CVE-2020-24821 | 2021-08-04 | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24822 | 2021-08-04 | A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24823 | 2021-08-04 | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24824 | 2021-08-04 | A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). |
| CVE-2020-24825 | 2021-08-04 | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24826 | 2021-08-04 | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2020-24827 | 2021-08-04 | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
| CVE-2021-24018 | 2021-08-04 | A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically... |
| CVE-2021-24010 | 2021-08-04 | Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files... |
| CVE-2021-36168 | 2021-08-04 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker... |
| CVE-2021-34831 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-34832 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34833 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34834 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34835 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34836 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34837 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34838 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34839 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34840 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34841 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34842 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34843 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34844 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34845 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34846 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34847 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34848 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34849 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34850 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34851 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34852 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-34853 | 2021-08-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-29011 | 2021-08-04 | Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code... |
| CVE-2021-32596 | 2021-08-04 | A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password... |
| CVE-2021-26097 | 2021-08-04 | An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with... |
| CVE-2021-1572 | 2021-08-04 | ConfD CLI Secure Shell Server Privilege Escalation Vulnerability |
| CVE-2021-1522 | 2021-08-04 | Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass |
| CVE-2021-1593 | 2021-08-04 | Cisco Packet Tracer for Windows DLL Injection Vulnerability |
| CVE-2021-1602 | 2021-08-04 | Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability |
| CVE-2021-1609 | 2021-08-04 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities |
| CVE-2021-1610 | 2021-08-04 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities |
| CVE-2021-34707 | 2021-08-04 | Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability |
| CVE-2021-32706 | 2021-08-04 | (Authenticated) Remote Code Execution Possible in Web Interface 5.5 |
| CVE-2021-32793 | 2021-08-04 | Stored XSS Vulnerability in the Pi-hole Webinterface |
| CVE-2021-26096 | 2021-08-04 | Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically... |
| CVE-2021-24014 | 2021-08-04 | Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request... |