CVE List - 2021 / August
Showing 701 - 800 of 2087 CVEs for August 2021 (Page 8 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38534 | 2021-08-10 | Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before... |
| CVE-2021-38533 | 2021-08-10 | NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. |
| CVE-2021-38532 | 2021-08-10 | NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. |
| CVE-2021-38531 | 2021-08-11 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before... |
| CVE-2021-38530 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20... |
| CVE-2021-38529 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. |
| CVE-2021-38528 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and... |
| CVE-2021-38527 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2... |
| CVE-2021-38526 | 2021-08-11 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. |
| CVE-2021-38525 | 2021-08-11 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before... |
| CVE-2021-38524 | 2021-08-11 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before... |
| CVE-2021-38523 | 2021-08-11 | NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2021-38522 | 2021-08-11 | NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2021-38521 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.50, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.1.62, and RAX80 before 1.0.1.62. |
| CVE-2021-38520 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and... |
| CVE-2021-38519 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6250 before 1.0.4.36, R6300v2 before 1.0.4.36, R6400 before 1.0.1.50, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700... |
| CVE-2021-38518 | 2021-08-11 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and... |
| CVE-2021-38517 | 2021-08-11 | Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50. |
| CVE-2021-38516 | 2021-08-11 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before... |
| CVE-2021-38515 | 2021-08-11 | Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46. |
| CVE-2021-38513 | 2021-08-11 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before... |
| CVE-2021-33595 | 2021-08-11 | F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing |
| CVE-2021-33594 | 2021-08-11 | F-Secure Safe browser for Android vulnerable to Address Bar Spoofing |
| CVE-2021-23420 | 2021-08-11 | Deserialization of Untrusted Data |
| CVE-2020-28589 | 2021-08-11 | An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker... |
| CVE-2021-32931 | 2021-08-11 | An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file... |
| CVE-2021-32947 | 2021-08-11 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. |
| CVE-2021-32939 | 2021-08-11 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code... |
| CVE-2021-0004 | 2021-08-11 | Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service... |
| CVE-2021-0005 | 2021-08-11 | Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local... |
| CVE-2021-0006 | 2021-08-11 | Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via... |
| CVE-2021-0007 | 2021-08-11 | Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local... |
| CVE-2021-0008 | 2021-08-11 | Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local... |
| CVE-2021-0009 | 2021-08-11 | Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via... |
| CVE-2021-0061 | 2021-08-11 | Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0012 | 2021-08-11 | Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2021-0062 | 2021-08-11 | Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0083 | 2021-08-11 | Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2021-0084 | 2021-08-11 | Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2021-0002 | 2021-08-11 | Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via... |
| CVE-2021-0003 | 2021-08-11 | Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2021-0160 | 2021-08-11 | Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-0196 | 2021-08-11 | Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2019-25052 | 2021-08-11 | In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. |
| CVE-2021-34640 | 2021-08-11 | Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting |
| CVE-2021-38549 | 2021-08-11 | MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED... |
| CVE-2021-38548 | 2021-08-11 | JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.... |
| CVE-2021-38547 | 2021-08-11 | Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm"... |
| CVE-2021-38546 | 2021-08-11 | CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The... |
| CVE-2021-38545 | 2021-08-11 | Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech... |
| CVE-2021-38544 | 2021-08-11 | Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm"... |
| CVE-2021-38543 | 2021-08-11 | TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an... |
| CVE-2021-20418 | 2021-08-11 | IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279. |
| CVE-2021-20420 | 2021-08-11 | IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. |
| CVE-2021-20427 | 2021-08-11 | IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. |
| CVE-2021-3045 | 2021-08-11 | PAN-OS: OS Command Argument Injection in Web Interface |
| CVE-2021-3046 | 2021-08-11 | PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal |
| CVE-2021-3047 | 2021-08-11 | PAN-OS: Weak Cryptography Used in Web Interface Authentication |
| CVE-2021-3048 | 2021-08-11 | PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage |
| CVE-2021-3050 | 2021-08-11 | PAN-OS: OS Command Injection Vulnerability in Web Interface |
| CVE-2021-37694 | 2021-08-11 | Code injection issue for java-spring-cloud-stream-template |
| CVE-2021-23421 | 2021-08-11 | Prototype Pollution |
| CVE-2021-38085 | 2021-08-11 | The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the... |
| CVE-2020-21976 | 2021-08-11 | An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. |
| CVE-2021-33794 | 2021-08-11 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. |
| CVE-2021-33793 | 2021-08-11 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. |
| CVE-2021-32437 | 2021-08-11 | The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
| CVE-2021-32438 | 2021-08-11 | The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
| CVE-2021-32439 | 2021-08-11 | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. |
| CVE-2021-32440 | 2021-08-11 | The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
| CVE-2017-16629 | 2021-08-11 | In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For... |
| CVE-2017-16630 | 2021-08-11 | In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local... |
| CVE-2017-16631 | 2021-08-11 | In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. |
| CVE-2017-16632 | 2021-08-11 | In SapphireIMS 4097_1, the password in the database is stored in Base64 format. |
| CVE-2020-25560 | 2021-08-11 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker... |
| CVE-2020-25561 | 2021-08-11 | SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. |
| CVE-2020-25562 | 2021-08-11 | In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. |
| CVE-2020-25563 | 2021-08-11 | In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. |
| CVE-2020-25564 | 2021-08-11 | In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. |
| CVE-2020-25565 | 2021-08-11 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker... |
| CVE-2020-25566 | 2021-08-11 | In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a... |
| CVE-2021-22098 | 2021-08-11 | UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of... |
| CVE-2020-21359 | 2021-08-11 | An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end... |
| CVE-2020-21362 | 2021-08-11 | A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. |
| CVE-2020-21363 | 2021-08-11 | An arbitrary file deletion vulnerability exists within Maccms10. |
| CVE-2021-38574 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string. |
| CVE-2021-38573 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. |
| CVE-2021-38572 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. |
| CVE-2021-38571 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. |
| CVE-2021-38570 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. |
| CVE-2021-38569 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. |
| CVE-2021-38568 | 2021-08-11 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format. |
| CVE-2021-38567 | 2021-08-11 | An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204. |
| CVE-2021-38566 | 2021-08-11 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. |
| CVE-2021-38565 | 2021-08-11 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm. |
| CVE-2021-38564 | 2021-08-11 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand. |
| CVE-2021-38563 | 2021-08-11 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller... |
| CVE-2021-1106 | 2021-08-11 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information... |
| CVE-2021-1107 | 2021-08-11 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all... |
| CVE-2021-1108 | 2021-08-11 | NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and... |