CVE List - 2021 / August
Showing 801 - 900 of 2087 CVEs for August 2021 (Page 9 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1109 | 2021-08-11 | NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. |
| CVE-2021-1110 | 2021-08-11 | NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service... |
| CVE-2021-1111 | 2021-08-11 | Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in... |
| CVE-2021-1112 | 2021-08-11 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. |
| CVE-2021-1113 | 2021-08-11 | NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and... |
| CVE-2021-1114 | 2021-08-11 | NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. |
| CVE-2021-37626 | 2021-08-11 | PHP file inclusion via insert tags |
| CVE-2021-36770 | 2021-08-11 | Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation... |
| CVE-2021-37627 | 2021-08-11 | Privilege escalation via form generator |
| CVE-2021-38590 | 2021-08-11 | In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). |
| CVE-2021-37696 | 2021-08-11 | Sensitive information leak in MassDM of tmerc-cogs |
| CVE-2021-38589 | 2021-08-11 | In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). |
| CVE-2021-38588 | 2021-08-11 | In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). |
| CVE-2021-38587 | 2021-08-11 | In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). |
| CVE-2021-38586 | 2021-08-11 | In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). |
| CVE-2021-38585 | 2021-08-11 | The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). |
| CVE-2021-38584 | 2021-08-11 | The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). |
| CVE-2021-37697 | 2021-08-11 | Sensitive information leak in Welcome of tmerc-cogs |
| CVE-2021-38591 | 2021-08-11 | An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of... |
| CVE-2021-37699 | 2021-08-11 | Open Redirect in Next.js versions below 11.1.0 |
| CVE-2020-22403 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. |
| CVE-2021-38291 | 2021-08-12 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. |
| CVE-2021-38593 | 2021-08-12 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). |
| CVE-2021-38592 | 2021-08-12 | Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). |
| CVE-2021-37222 | 2021-08-12 | Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted... |
| CVE-2020-24576 | 2021-08-12 | Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. |
| CVE-2020-28165 | 2021-08-12 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. |
| CVE-2021-37841 | 2021-08-12 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container... |
| CVE-2021-38088 | 2021-08-12 | Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. |
| CVE-2021-38086 | 2021-08-12 | Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. |
| CVE-2021-38087 | 2021-08-12 | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. |
| CVE-2021-27793 | 2021-08-12 | Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and... |
| CVE-2021-27792 | 2021-08-12 | The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.... |
| CVE-2021-27794 | 2021-08-12 | A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid... |
| CVE-2021-38597 | 2021-08-12 | wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. |
| CVE-2021-27790 | 2021-08-12 | The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this... |
| CVE-2021-27791 | 2021-08-12 | The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed... |
| CVE-2021-35955 | 2021-08-12 | Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7. |
| CVE-2021-20314 | 2021-08-12 | Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages. |
| CVE-2020-20975 | 2021-08-12 | In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. |
| CVE-2020-20977 | 2021-08-12 | A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. |
| CVE-2020-20979 | 2021-08-12 | An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. |
| CVE-2020-20981 | 2021-08-12 | A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. |
| CVE-2021-38599 | 2021-08-12 | WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups.... |
| CVE-2021-38604 | 2021-08-12 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side... |
| CVE-2021-38606 | 2021-08-12 | reNgine through 0.5 relies on a predictable directory name. |
| CVE-2021-20509 | 2021-08-12 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file... |
| CVE-2021-32808 | 2021-08-12 | Cross-site scripting in ckeditor via abuse of undo functionality |
| CVE-2020-18445 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. |
| CVE-2020-18446 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. |
| CVE-2021-32809 | 2021-08-12 | Arbitrary HTML injection vulnerability in ckeditor |
| CVE-2020-18449 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php |
| CVE-2021-36921 | 2021-08-12 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an... |
| CVE-2020-18451 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. |
| CVE-2021-37636 | 2021-08-12 | Floating point exception in `SparseDenseCwiseDiv` in TensorFlow |
| CVE-2021-36982 | 2021-08-12 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of... |
| CVE-2021-37640 | 2021-08-12 | Integer division by 0 in sparse reshaping in TensorFlow |
| CVE-2021-37642 | 2021-08-12 | Division by 0 in `ResourceScatterDiv` in TensorFlow |
| CVE-2021-37653 | 2021-08-12 | Division by 0 in `ResourceGather` in TensorFlow |
| CVE-2021-37660 | 2021-08-12 | Division by 0 in inplace operations in TensorFlow |
| CVE-2020-18454 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. |
| CVE-2020-18455 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. |
| CVE-2020-18456 | 2021-08-12 | Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. |
| CVE-2020-18457 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. |
| CVE-2020-18458 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. |
| CVE-2021-37638 | 2021-08-12 | Null pointer dereference in `RaggedTensorToTensor` in TensorFlow |
| CVE-2021-37639 | 2021-08-12 | Null pointer dereference and heap OOB read in TensorFlow |
| CVE-2021-37643 | 2021-08-12 | Null pointer dereference in `MatrixDiagPartOp` in TensorFlow |
| CVE-2021-37647 | 2021-08-12 | Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow |
| CVE-2021-37649 | 2021-08-12 | Null pointer dereference in `UncompressElement` in TensorFlow |
| CVE-2021-26423 | 2021-08-12 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2021-26424 | 2021-08-12 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2021-26425 | 2021-08-12 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-26426 | 2021-08-12 | Windows User Account Profile Picture Elevation of Privilege Vulnerability |
| CVE-2021-26428 | 2021-08-12 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-26429 | 2021-08-12 | Azure Sphere Elevation of Privilege Vulnerability |
| CVE-2021-26430 | 2021-08-12 | Azure Sphere Denial of Service Vulnerability |
| CVE-2021-26431 | 2021-08-12 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| CVE-2021-26432 | 2021-08-12 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
| CVE-2021-26433 | 2021-08-12 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| CVE-2021-33762 | 2021-08-12 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2021-34471 | 2021-08-12 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2021-34478 | 2021-08-12 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-34480 | 2021-08-12 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-34483 | 2021-08-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2021-34484 | 2021-08-12 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2021-34485 | 2021-08-12 | .NET Core and Visual Studio Information Disclosure Vulnerability |
| CVE-2021-34486 | 2021-08-12 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-34487 | 2021-08-12 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-34524 | 2021-08-12 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2021-34530 | 2021-08-12 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2021-34532 | 2021-08-12 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability |
| CVE-2021-34533 | 2021-08-12 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability |
| CVE-2021-34534 | 2021-08-12 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-34535 | 2021-08-12 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2021-34536 | 2021-08-12 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| CVE-2021-34537 | 2021-08-12 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2021-36926 | 2021-08-12 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| CVE-2021-36927 | 2021-08-12 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability |
| CVE-2021-36932 | 2021-08-12 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |