CVE List - 2021 / August
Showing 501 - 600 of 2087 CVEs for August 2021 (Page 6 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36456 | 2021-08-08 | An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type. |
| CVE-2020-36455 | 2021-08-08 | An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync. |
| CVE-2020-36454 | 2021-08-08 | An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T. |
| CVE-2020-36453 | 2021-08-08 | An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. |
| CVE-2020-36452 | 2021-08-08 | An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. |
| CVE-2020-36451 | 2021-08-08 | An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell<T>. |
| CVE-2020-36450 | 2021-08-08 | An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>. |
| CVE-2020-36449 | 2021-08-08 | An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send. |
| CVE-2020-36448 | 2021-08-08 | An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>. |
| CVE-2020-36447 | 2021-08-08 | An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>. |
| CVE-2020-36446 | 2021-08-08 | An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>. |
| CVE-2020-36445 | 2021-08-08 | An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. |
| CVE-2020-36444 | 2021-08-08 | An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC. |
| CVE-2020-36443 | 2021-08-08 | An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. |
| CVE-2020-36442 | 2021-08-08 | An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait. |
| CVE-2020-36441 | 2021-08-08 | An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync. |
| CVE-2020-36440 | 2021-08-08 | An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read. |
| CVE-2020-36439 | 2021-08-08 | An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>. |
| CVE-2020-36438 | 2021-08-08 | An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits. |
| CVE-2020-36437 | 2021-08-08 | An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>. |
| CVE-2020-36436 | 2021-08-08 | An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits. |
| CVE-2020-36435 | 2021-08-08 | An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks. |
| CVE-2020-36434 | 2021-08-08 | An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. |
| CVE-2020-36433 | 2021-08-08 | An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. |
| CVE-2020-36432 | 2021-08-08 | An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). |
| CVE-2021-23419 | 2021-08-08 | Prototype Pollution |
| CVE-2021-38197 | 2021-08-08 | unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. |
| CVE-2021-38209 | 2021-08-08 | net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the... |
| CVE-2021-38208 | 2021-08-08 | net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain... |
| CVE-2021-38207 | 2021-08-08 | drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. |
| CVE-2021-38206 | 2021-08-08 | The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in... |
| CVE-2021-38205 | 2021-08-08 | drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). |
| CVE-2021-38204 | 2021-08-08 | drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. |
| CVE-2021-38203 | 2021-08-08 | btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is... |
| CVE-2021-38202 | 2021-08-08 | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework... |
| CVE-2021-38201 | 2021-08-08 | net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. |
| CVE-2021-38200 | 2021-08-08 | arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer... |
| CVE-2021-38199 | 2021-08-08 | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for... |
| CVE-2021-38198 | 2021-08-08 | arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. |
| CVE-2021-24499 | 2021-08-09 | Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution |
| CVE-2021-32815 | 2021-08-09 | Denial of service due to assertion failure in crwimage_int.cpp |
| CVE-2021-34334 | 2021-08-09 | Denial of service due to integer overflow in loop counter |
| CVE-2021-34335 | 2021-08-09 | Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff |
| CVE-2021-37615 | 2021-08-09 | Null pointer dereference in Exiv2::Internal::resolveLens0x319 |
| CVE-2021-37616 | 2021-08-09 | Null pointer dereference in Exiv2::Internal::resolveLens0x8ff |
| CVE-2021-37618 | 2021-08-09 | Out-of-bounds read in Exiv2::Jp2Image::printStructure |
| CVE-2021-37619 | 2021-08-09 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header |
| CVE-2021-37620 | 2021-08-09 | Out-of-bounds read in XmpTextValue::read() |
| CVE-2021-37621 | 2021-08-09 | Denial of service due to infinite loop in Image::printIFDStructure |
| CVE-2021-37622 | 2021-08-09 | Denial of service due to infinite loop in JpegBase::printStructure (#1) |
| CVE-2021-37623 | 2021-08-09 | Denial of service due to infinite loop in JpegBase::printStructure (#2) |
| CVE-2021-37211 | 2021-08-09 | Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS |
| CVE-2021-37212 | 2021-08-09 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-1 |
| CVE-2021-37213 | 2021-08-09 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2 |
| CVE-2021-37214 | 2021-08-09 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3 |
| CVE-2021-37215 | 2021-08-09 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4 |
| CVE-2021-24304 | 2021-08-09 | Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS) |
| CVE-2021-24467 | 2021-08-09 | Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS |
| CVE-2021-24495 | 2021-08-09 | Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting |
| CVE-2021-24500 | 2021-08-09 | Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities |
| CVE-2021-24501 | 2021-08-09 | Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions |
| CVE-2021-24502 | 2021-08-09 | WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24505 | 2021-08-09 | Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24507 | 2021-08-09 | Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection |
| CVE-2021-24509 | 2021-08-09 | Page View Counts < 2.4.9 - Contributor+ Stored XSS |
| CVE-2021-24520 | 2021-08-09 | Stock in & out <= 1.0.4 - Authenticated SQL Injection |
| CVE-2021-24521 | 2021-08-09 | Side Menu Lite < 2.2.1 - Authenticated SQL Injection |
| CVE-2021-24522 | 2021-08-09 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget |
| CVE-2021-38290 | 2021-08-09 | A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing. |
| CVE-2021-34661 | 2021-08-09 | WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion |
| CVE-2021-34660 | 2021-08-09 | WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting |
| CVE-2021-22910 | 2021-08-09 | A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. |
| CVE-2021-37788 | 2021-08-09 | A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is... |
| CVE-2021-36798 | 2021-08-09 | A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication... |
| CVE-2021-37573 | 2021-08-09 | A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404... |
| CVE-2021-33256 | 2021-08-09 | A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be... |
| CVE-2021-21740 | 2021-08-09 | There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the... |
| CVE-2021-20349 | 2021-08-09 | IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level... |
| CVE-2021-29714 | 2021-08-09 | IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. |
| CVE-2021-25954 | 2021-08-09 | Improper Access Control in “Dolibarr” |
| CVE-2013-6276 | 2021-08-09 | QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The... |
| CVE-2013-4717 | 2021-08-09 | Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL... |
| CVE-2013-4718 | 2021-08-09 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script... |
| CVE-2015-2073 | 2021-08-09 | The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. |
| CVE-2015-2074 | 2021-08-09 | The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. |
| CVE-2015-7731 | 2021-08-09 | SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. |
| CVE-2014-9320 | 2021-08-09 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. |
| CVE-2018-17862 | 2021-08-09 | A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that... |
| CVE-2018-17865 | 2021-08-09 | A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products... |
| CVE-2018-17861 | 2021-08-09 | A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that... |
| CVE-2021-37633 | 2021-08-09 | XSS via d-popover and d-html-popover attribute |
| CVE-2021-37634 | 2021-08-09 | LeafKit allows XSS with untrusted user input |
| CVE-2021-32797 | 2021-08-09 | JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> |
| CVE-2021-38305 | 2021-08-09 | 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect... |
| CVE-2021-32798 | 2021-08-09 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook |
| CVE-2021-21564 | 2021-08-09 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions... |
| CVE-2021-21584 | 2021-08-09 | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the... |
| CVE-2021-21585 | 2021-08-09 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this... |
| CVE-2021-21596 | 2021-08-09 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate... |
| CVE-2021-36276 | 2021-08-09 | Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access... |