CVE List - 2021 / August
Showing 301 - 400 of 2087 CVEs for August 2021 (Page 4 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-22124 | 2021-08-04 | An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow... |
| CVE-2021-32464 | 2021-08-04 | An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific... |
| CVE-2021-32465 | 2021-08-04 | An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass... |
| CVE-2021-38113 | 2021-08-04 | In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. |
| CVE-2021-20028 | 2021-08-04 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier |
| CVE-2020-22352 | 2021-08-04 | The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
| CVE-2020-24829 | 2021-08-04 | An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of... |
| CVE-2021-38114 | 2021-08-04 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. |
| CVE-2021-31867 | 2021-08-04 | Pimcore Customer Data Framework 'SegmentAssignmentController.php' Blind SQL Injection |
| CVE-2021-31869 | 2021-08-04 | Pimcore AdminBundle 'specificID' SQL Injection |
| CVE-2021-36800 | 2021-08-04 | Akaunting OS Command Injection in 'Money.php' |
| CVE-2021-36801 | 2021-08-04 | Akaunting Authentication Bypass in Company Selection |
| CVE-2021-36802 | 2021-08-04 | Akaunting DoS via User-Controlled 'locale' Variable |
| CVE-2021-36803 | 2021-08-04 | Akaunting Avatar Persistent XSS |
| CVE-2021-36804 | 2021-08-04 | Akaunting Password Reset Relay |
| CVE-2021-36805 | 2021-08-04 | Akaunting Invoice Footer Persistent XSS |
| CVE-2021-3539 | 2021-08-04 | EspoCRM Avatar Persistent XSS |
| CVE-2021-22922 | 2021-08-05 | When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the... |
| CVE-2021-22923 | 2021-08-05 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then... |
| CVE-2021-22925 | 2021-08-05 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for... |
| CVE-2021-22926 | 2021-08-05 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool). When libcurl is... |
| CVE-2021-3580 | 2021-08-05 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash... |
| CVE-2021-32598 | 2021-08-05 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and... |
| CVE-2021-32603 | 2021-08-05 | A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and... |
| CVE-2021-38095 | 2021-08-05 | The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request. |
| CVE-2021-37604 | 2021-08-05 | In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this... |
| CVE-2021-37605 | 2021-08-05 | In version 6.5 of Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. |
| CVE-2021-38138 | 2021-08-05 | OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is... |
| CVE-2020-22732 | 2021-08-05 | CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker. |
| CVE-2021-37625 | 2021-08-05 | Incorrect Check of Function Return Value in Skytable |
| CVE-2021-32579 | 2021-08-05 | Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code... |
| CVE-2021-32580 | 2021-08-05 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. |
| CVE-2021-32576 | 2021-08-05 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). |
| CVE-2021-35306 | 2021-08-05 | An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service... |
| CVE-2021-35307 | 2021-08-05 | An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_DescriptorFinder::Test component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service... |
| CVE-2021-36584 | 2021-08-05 | An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of... |
| CVE-2021-32578 | 2021-08-05 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). |
| CVE-2021-32581 | 2021-08-05 | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior... |
| CVE-2021-32577 | 2021-08-05 | Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. |
| CVE-2021-23849 | 2021-08-05 | Cross Site Request Forgery (CSRF) vulnerability in web based management interface |
| CVE-2021-22240 | 2021-08-05 | Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled |
| CVE-2021-33596 | 2021-08-05 | Fake Apple login prompt in F-Secure SAFE browser for iOS |
| CVE-2021-22241 | 2021-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. |
| CVE-2021-37614 | 2021-08-05 | In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database.... |
| CVE-2021-34371 | 2021-08-05 | Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because... |
| CVE-2021-34631 | 2021-08-05 | NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-33597 | 2021-08-05 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-37859 | 2021-08-05 | Reflected XSS in OAuth Flow |
| CVE-2021-25443 | 2021-08-05 | A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. |
| CVE-2021-25444 | 2021-08-05 | An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. |
| CVE-2021-25445 | 2021-08-05 | Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. |
| CVE-2021-25446 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. |
| CVE-2021-25447 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. |
| CVE-2021-25448 | 2021-08-05 | Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. |
| CVE-2021-29978 | 2021-08-05 | Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN... |
| CVE-2021-29977 | 2021-08-05 | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2021-29976 | 2021-08-05 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
| CVE-2021-29975 | 2021-08-05 | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain... |
| CVE-2021-29974 | 2021-08-05 | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which... |
| CVE-2021-29973 | 2021-08-05 | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be... |
| CVE-2021-29972 | 2021-08-05 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well.... |
| CVE-2021-29971 | 2021-08-05 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be... |
| CVE-2021-29970 | 2021-08-05 | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird <... |
| CVE-2021-29969 | 2021-08-05 | If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore... |
| CVE-2021-21739 | 2021-08-05 | A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module... |
| CVE-2021-21738 | 2021-08-05 | ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect... |
| CVE-2021-3682 | 2021-08-05 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client... |
| CVE-2021-3679 | 2021-08-05 | A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific... |
| CVE-2021-21863 | 2021-08-05 | An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An... |
| CVE-2021-21805 | 2021-08-05 | An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An... |
| CVE-2021-21790 | 2021-08-05 | An information disclosure vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to... |
| CVE-2021-21791 | 2021-08-05 | An information disclosure vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to... |
| CVE-2021-21792 | 2021-08-05 | An information disclosure vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to... |
| CVE-2021-21785 | 2021-08-05 | An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive... |
| CVE-2021-21870 | 2021-08-05 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously freed memory, which can... |
| CVE-2021-21831 | 2021-08-05 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can... |
| CVE-2021-21893 | 2021-08-05 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can... |
| CVE-2021-34634 | 2021-08-05 | Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34633 | 2021-08-05 | Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-37632 | 2021-08-05 | Deserialization of Untrusted Data in com.supermartijn642.configlib.ConfigSyncPacket |
| CVE-2021-22928 | 2021-08-05 | A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix... |
| CVE-2021-22927 | 2021-08-05 | A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. |
| CVE-2021-22919 | 2021-08-05 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO,... |
| CVE-2021-22920 | 2021-08-05 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO,... |
| CVE-2021-22924 | 2021-08-05 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did... |
| CVE-2021-34639 | 2021-08-05 | WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload |
| CVE-2021-34638 | 2021-08-05 | WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal |
| CVE-2021-3566 | 2021-08-05 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a... |
| CVE-2021-26605 | 2021-08-05 | unidocs ezPDFReader arbitrary command execution vulnerability |
| CVE-2020-7863 | 2021-08-05 | Raonwiz RAON K Upload Arbitrary Command Execution Vulnerability |
| CVE-2021-1630 | 2021-08-05 | XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers. |
| CVE-2021-22234 | 2021-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before... |
| CVE-2021-32002 | 2021-08-05 | SiteManager troubleshooter allows access without authentication from local network |
| CVE-2021-32003 | 2021-08-05 | Configuration service port remains open 10 minutes after reboot even when already provisioned |
| CVE-2021-37156 | 2021-08-05 | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. |
| CVE-2021-20115 | 2021-08-05 | A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected... |
| CVE-2021-20116 | 2021-08-05 | A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected... |
| CVE-2021-35324 | 2021-08-05 | A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. |
| CVE-2021-35326 | 2021-08-05 | A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. |
| CVE-2021-35327 | 2021-08-05 | A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. |