CVE List - 2021 / August
Showing 101 - 200 of 2087 CVEs for August 2021 (Page 2 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-37848 | 2021-08-02 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. |
| CVE-2021-21864 | 2021-08-02 | An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An... |
| CVE-2021-21865 | 2021-08-02 | An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can... |
| CVE-2021-21866 | 2021-08-02 | An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An... |
| CVE-2021-32019 | 2021-08-02 | There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full... |
| CVE-2021-34637 | 2021-08-02 | Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34628 | 2021-08-02 | Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34635 | 2021-08-02 | Poll Maker <= 3.2.8 - Reflected Cross-Site Scripting |
| CVE-2021-34632 | 2021-08-02 | SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-27943 | 2021-08-02 | The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat... |
| CVE-2021-27499 | 2021-08-02 | Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application layer encryption of the communication protocol between... |
| CVE-2021-27503 | 2021-08-02 | Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application encrypts on the application layer of the... |
| CVE-2021-29979 | 2021-08-02 | Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain. This vulnerability affects Hubs Cloud... |
| CVE-2021-32811 | 2021-08-02 | Remote Code Execution via Script (Python) objects under Python 3 |
| CVE-2021-32787 | 2021-08-02 | Low risk information disclosure in Sourcegraph |
| CVE-2021-32812 | 2021-08-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in frontend/server/server.js |
| CVE-2021-37914 | 2021-08-02 | In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow... |
| CVE-2021-37916 | 2021-08-02 | Joplin before 2.0.9 allows XSS via button and form in the note body. |
| CVE-2021-21553 | 2021-08-02 | Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This... |
| CVE-2021-21562 | 2021-08-02 | Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can... |
| CVE-2021-21563 | 2021-08-02 | Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component. This can allow an authenticated user with low privileges to trigger a... |
| CVE-2021-21565 | 2021-08-02 | Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other... |
| CVE-2021-30560 | 2021-08-03 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-26085 | 2021-08-03 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version... |
| CVE-2021-35265 | 2021-08-03 | A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. |
| CVE-2021-37832 | 2021-08-03 | A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite... |
| CVE-2021-37833 | 2021-08-03 | A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. |
| CVE-2021-22400 | 2021-08-03 | Some Huawei Smartphones have an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can... |
| CVE-2021-36159 | 2021-08-03 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because... |
| CVE-2021-36157 | 2021-08-03 | An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such... |
| CVE-2021-36156 | 2021-08-03 | An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such... |
| CVE-2021-32772 | 2021-08-03 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries |
| CVE-2021-27954 | 2021-08-03 | A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this... |
| CVE-2021-27952 | 2021-08-03 | Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. |
| CVE-2021-27953 | 2021-08-03 | A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a... |
| CVE-2021-31630 | 2021-08-03 | Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. |
| CVE-2021-21576 | 2021-08-03 | Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s... |
| CVE-2021-21577 | 2021-08-03 | Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s... |
| CVE-2021-21578 | 2021-08-03 | Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the... |
| CVE-2021-21579 | 2021-08-03 | Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the... |
| CVE-2021-21580 | 2021-08-03 | Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to... |
| CVE-2021-21581 | 2021-08-03 | Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser... |
| CVE-2021-37556 | 2021-08-03 | A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and... |
| CVE-2021-37557 | 2021-08-03 | A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. |
| CVE-2021-37558 | 2021-08-03 | A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters.... |
| CVE-2021-33485 | 2021-08-03 | CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. |
| CVE-2021-36763 | 2021-08-03 | In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. |
| CVE-2021-33486 | 2021-08-03 | All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. |
| CVE-2021-32017 | 2021-08-03 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the... |
| CVE-2021-31503 | 2021-08-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that... |
| CVE-2021-31504 | 2021-08-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that... |
| CVE-2021-32814 | 2021-08-03 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable |
| CVE-2021-27942 | 2021-08-03 | Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB... |
| CVE-2021-22422 | 2021-08-03 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22417 | 2021-08-03 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. |
| CVE-2021-22424 | 2021-08-03 | A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. |
| CVE-2021-22421 | 2021-08-03 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. |
| CVE-2021-22416 | 2021-08-03 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. |
| CVE-2021-22425 | 2021-08-03 | A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. |
| CVE-2021-22419 | 2021-08-03 | A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent DoS. |
| CVE-2021-22418 | 2021-08-03 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22420 | 2021-08-03 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist... |
| CVE-2021-22423 | 2021-08-03 | A component of the HarmonyOS has an Out-of-bounds Write vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. |
| CVE-2019-14453 | 2021-08-03 | An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an... |
| CVE-2021-36622 | 2021-08-03 | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to Arbitrary File Upload. The admin panel has an upload function for the profile photo, accessible at http://localhost/scheduler/admin/?page=user. An attacker could... |
| CVE-2021-36654 | 2021-08-03 | CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. |
| CVE-2021-36623 | 2021-08-03 | Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. |
| CVE-2021-32016 | 2021-08-03 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via... |
| CVE-2021-32018 | 2021-08-03 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem,... |
| CVE-2021-36701 | 2021-08-03 | htmly version 2.8.1 is vulnerable to Arbitrary File Deletion on the local host when deleting backup files. The vulnerability may allow a remote attacker to delete arbitrary know... |
| CVE-2021-36702 | 2021-08-03 | The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers... |
| CVE-2021-36703 | 2021-08-03 | The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an... |
| CVE-2021-35343 | 2021-08-03 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to... |
| CVE-2021-33320 | 2021-08-03 | The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not... |
| CVE-2021-36542 | 2021-08-03 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user... |
| CVE-2021-33321 | 2021-08-03 | Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password... |
| CVE-2021-36543 | 2021-08-03 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated... |
| CVE-2021-33323 | 2021-08-03 | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated... |
| CVE-2021-33324 | 2021-08-03 | The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages,... |
| CVE-2021-30541 | 2021-08-03 | Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30559 | 2021-08-03 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30561 | 2021-08-03 | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30562 | 2021-08-03 | Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30563 | 2021-08-03 | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30564 | 2021-08-03 | Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-33322 | 2021-08-03 | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not... |
| CVE-2021-33325 | 2021-08-03 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's... |
| CVE-2021-33326 | 2021-08-03 | Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2... |
| CVE-2021-33328 | 2021-08-03 | Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20,... |
| CVE-2021-33327 | 2021-08-03 | The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8,... |
| CVE-2021-33330 | 2021-08-03 | Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the... |
| CVE-2021-32803 | 2021-08-03 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning |
| CVE-2021-32804 | 2021-08-03 | Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization |
| CVE-2021-30565 | 2021-08-03 | Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to... |
| CVE-2021-30566 | 2021-08-03 | Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML... |
| CVE-2021-30567 | 2021-08-03 | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. |
| CVE-2021-30568 | 2021-08-03 | Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30569 | 2021-08-03 | Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30571 | 2021-08-03 | Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2021-30572 | 2021-08-03 | Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |