CVE List - 2021 / September

Showing 1 - 100 of 1899 CVEs for September 2021 (Page 1 of 19)

CVE ID Date Title
CVE-2021-36235 2021-09-01 An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As...
CVE-2021-39109 2021-09-01 The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.
CVE-2021-37415 2021-09-01 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVE-2021-33582 2021-09-01 Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into...
CVE-2020-9000 2021-09-01 An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file...
CVE-2020-9002 2021-09-01 An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).
CVE-2021-35238 2021-09-01 Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability
CVE-2021-38703 2021-09-01 Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this...
CVE-2021-40352 2021-09-01 OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
CVE-2021-39378 2021-09-01 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database...
CVE-2021-39373 2021-09-01 Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.
CVE-2021-39377 2021-09-01 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database...
CVE-2021-37151 2021-09-01 CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used...
CVE-2021-39379 2021-09-01 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database...
CVE-2021-35508 2021-09-01 NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service...
CVE-2021-39166 2021-09-01 Improper Neutralization of Text-Values in Object Version Preview
CVE-2021-39170 2021-09-01 Improper Encoding or Escaping of Output in Asset Metadata Component
CVE-2021-39320 2021-09-01 underConstruction <= 1.18 - Reflected Cross-Site Scripting
CVE-2021-35215 2021-09-01 ActionPluginBaseView Deserialization of Untrusted Data RCE
CVE-2021-40350 2021-09-01 webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including...
CVE-2021-35216 2021-09-01 Deserialization of Untrusted Data in Resource Controls Remote Code Execution
CVE-2021-35218 2021-09-01 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2021-23426 2021-09-01 Prototype Pollution
CVE-2021-36012 2021-09-01 Magento Commerce Gift Card Business Logic Error
CVE-2021-36037 2021-09-01 Magento Commerce Improper Authorization Vulnerability Could Lead To Information Exposure
CVE-2021-36033 2021-09-01 Magento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code Execution
CVE-2021-36022 2021-09-01 Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
CVE-2021-36034 2021-09-01 Magento Commerce Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36028 2021-09-01 Magento Commerce XML Injection Vulnerability Could Lead To Remote Code Execution
CVE-2021-36002 2021-09-01 Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation
CVE-2021-36038 2021-09-01 Magento Commerce Multishipping Module Improper Input Validation Could Lead To Information Exposure
CVE-2021-36032 2021-09-01 Magento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation
CVE-2021-36026 2021-09-01 Magento Commerce Stored Cross-site Scripting Vulnerability
CVE-2021-36029 2021-09-01 Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution
CVE-2021-36039 2021-09-01 Magento Commerce `quoteId` parameter Incorrect Authorization Vulnerability Could Lead To Information Disclosure
CVE-2021-23428 2021-09-01 Directory Traversal
CVE-2021-23427 2021-09-01 Arbitrary File Write via Archive Extraction (Zip Slip)
CVE-2021-36031 2021-09-01 Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution
CVE-2021-36024 2021-09-01 Magento Commerce Improper Neutralization of Special Elements Used In A Command
CVE-2021-36035 2021-09-01 Magento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36020 2021-09-01 Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution
CVE-2021-36025 2021-09-01 Magento Commerce Customer Edition Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36040 2021-09-01 Magento Commerce Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36041 2021-09-01 Magento Commerce Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36030 2021-09-01 Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation
CVE-2021-36042 2021-09-01 Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution
CVE-2021-36046 2021-09-01 XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption
CVE-2021-36043 2021-09-01 Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution
CVE-2021-36027 2021-09-01 Magento Commerce Stored Cross-site Scripting Vulnerability
CVE-2021-36045 2021-09-01 XMP Toolkit SDK Out-of-bounds Read Vulnerability In PostScriptSupport::ConvertToDate Could Lead To Information Exposure
CVE-2021-36049 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36047 2021-09-01 XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution
CVE-2021-36048 2021-09-01 XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution
CVE-2021-36044 2021-09-01 Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service
CVE-2021-36050 2021-09-01 XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution
CVE-2021-36053 2021-09-01 XMP Toolkit SDK Out-of-bounds Read Vulnerability In FindAndReadXMPChunk Could Lead To Information Exposure
CVE-2021-36052 2021-09-01 XMPToolkit SDK ImportTIFF_CheckStandardMapping Memory Corruption
CVE-2021-36055 2021-09-01 XMP Toolkit SDK Use After Free Vulnerability In ReadingXMPNewDOM Could Lead To Arbitrary Code Execution
CVE-2021-36057 2021-09-01 XMP Toolkit SDK Write-What-Where Condition Could Lead To Local Application Denial Of Service
CVE-2021-36059 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36054 2021-09-01 XMP Toolkit SDK Heap-based Buffer Overflow in the PSD_MetaHandler::CacheFileData Could Lead To Application Denial Of Service
CVE-2021-36062 2021-09-01 Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter
CVE-2021-36056 2021-09-01 XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution
CVE-2021-36064 2021-09-01 XMP Toolkit SDK SVG_Adapter ParseFullNS Buffer Underflow
CVE-2021-36061 2021-09-01 Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings
CVE-2021-36058 2021-09-01 XMP Toolkit SDK Integer Overflow Vulnerability Could Result In Application Denial Of Service
CVE-2021-36068 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36066 2021-09-01 Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-36063 2021-09-01 Adobe Connect Reflected Cross-site Scripting via 'isTabletDeviceHTML' parameter
CVE-2021-36070 2021-09-01 Adobe Media Encoder Improper Memory Access When Parsing SVG Files Could Lead To Remote Code Execution
CVE-2021-36072 2021-09-01 Adobe Bridge SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-36065 2021-09-01 Adobe Photoshop Heap-Based Buffer Overflow Could Lead To Arbitrary Code Execution
CVE-2021-36067 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36069 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36074 2021-09-01 Adobe Bridge PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-36076 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36071 2021-09-01 Adobe Bridge PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-39816 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-36078 2021-09-01 Adobe Bridge PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2021-39847 2021-09-01 XMP Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution
CVE-2021-36073 2021-09-01 Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2021-36077 2021-09-01 Adobe Bridge SVG File Memory Corruption Could Lead To Application Denial Of Service
CVE-2021-36075 2021-09-01 Adobe Bridge Buffer Overflow leads to Arbitrary Code Execution
CVE-2021-36079 2021-09-01 Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-39817 2021-09-01 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-29851 2021-09-01 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.
CVE-2021-29852 2021-09-01 IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2021-29853 2021-09-01 IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
CVE-2021-40378 2021-09-01 An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
CVE-2021-40382 2021-09-01 An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.
CVE-2021-40381 2021-09-01 An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
CVE-2021-40380 2021-09-01 An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.
CVE-2021-40379 2021-09-01 An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
CVE-2021-34435 2021-09-01 In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it...
CVE-2021-23436 2021-09-01 Prototype Pollution
CVE-2021-30354 2021-09-01 Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that...
CVE-2021-30355 2021-09-01 Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
CVE-2021-23438 2021-09-01 Prototype Pollution
CVE-2021-39185 2021-09-01 Default CORS config allows any origin with credentials
CVE-2020-20340 2021-09-01 A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.