CVE List - 2021 / September
Showing 1001 - 1100 of 1899 CVEs for September 2021 (Page 11 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-3777 | 2021-09-15 | Inefficient Regular Expression Complexity in daaku/nodejs-tmpl |
| CVE-2021-3780 | 2021-09-15 | Cross-site Scripting (XSS) - Stored in chocobozzz/peertube |
| CVE-2021-41061 | 2021-09-15 | In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. |
| CVE-2021-26434 | 2021-09-15 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2021-26435 | 2021-09-15 | Windows Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-26437 | 2021-09-15 | Visual Studio Code Spoofing Vulnerability |
| CVE-2021-36952 | 2021-09-15 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2021-36954 | 2021-09-15 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-36955 | 2021-09-15 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-36956 | 2021-09-15 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-36959 | 2021-09-15 | Windows Authenticode Spoofing Vulnerability |
| CVE-2021-36960 | 2021-09-15 | Windows SMB Information Disclosure Vulnerability |
| CVE-2021-36961 | 2021-09-15 | Windows Installer Denial of Service Vulnerability |
| CVE-2021-36962 | 2021-09-15 | Windows Installer Information Disclosure Vulnerability |
| CVE-2021-36963 | 2021-09-15 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-36964 | 2021-09-15 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-36965 | 2021-09-15 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
| CVE-2021-36966 | 2021-09-15 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2021-36967 | 2021-09-15 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
| CVE-2021-36968 | 2021-09-15 | Windows DNS Elevation of Privilege Vulnerability |
| CVE-2021-36969 | 2021-09-15 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| CVE-2021-36972 | 2021-09-15 | Windows SMB Information Disclosure Vulnerability |
| CVE-2021-36973 | 2021-09-15 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
| CVE-2021-36974 | 2021-09-15 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2021-36975 | 2021-09-15 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-38624 | 2021-09-15 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
| CVE-2021-38625 | 2021-09-15 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-38626 | 2021-09-15 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-38628 | 2021-09-15 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2021-38629 | 2021-09-15 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
| CVE-2021-38630 | 2021-09-15 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-38632 | 2021-09-15 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2021-38633 | 2021-09-15 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-38634 | 2021-09-15 | Microsoft Windows Update Client Elevation of Privilege Vulnerability |
| CVE-2021-38635 | 2021-09-15 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| CVE-2021-38636 | 2021-09-15 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| CVE-2021-38637 | 2021-09-15 | Windows Storage Information Disclosure Vulnerability |
| CVE-2021-38638 | 2021-09-15 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2021-38639 | 2021-09-15 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-38644 | 2021-09-15 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability |
| CVE-2021-38645 | 2021-09-15 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| CVE-2021-38646 | 2021-09-15 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| CVE-2021-38647 | 2021-09-15 | Open Management Infrastructure Remote Code Execution Vulnerability |
| CVE-2021-38648 | 2021-09-15 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| CVE-2021-38649 | 2021-09-15 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| CVE-2021-38650 | 2021-09-15 | Microsoft Office Spoofing Vulnerability |
| CVE-2021-38651 | 2021-09-15 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-38652 | 2021-09-15 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-38653 | 2021-09-15 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2021-38654 | 2021-09-15 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2021-38655 | 2021-09-15 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-38656 | 2021-09-15 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-38657 | 2021-09-15 | Microsoft Office Graphics Component Information Disclosure Vulnerability |
| CVE-2021-38658 | 2021-09-15 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-38659 | 2021-09-15 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-38660 | 2021-09-15 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-38661 | 2021-09-15 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-38667 | 2021-09-15 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2021-38669 | 2021-09-15 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
| CVE-2021-38671 | 2021-09-15 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2021-40440 | 2021-09-15 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| CVE-2021-40447 | 2021-09-15 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2021-40444 | 2021-09-15 | Microsoft MSHTML Remote Code Execution Vulnerability |
| CVE-2021-40448 | 2021-09-15 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
| CVE-2020-35340 | 2021-09-15 | A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. |
| CVE-2021-22147 | 2021-09-15 | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to... |
| CVE-2021-22149 | 2021-09-15 | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could... |
| CVE-2021-22148 | 2021-09-15 | Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to... |
| CVE-2021-3783 | 2021-09-15 | Cross-site Scripting (XSS) - Reflected in yourls/yourls |
| CVE-2021-27662 | 2021-09-15 | KT-1 Capture-replay |
| CVE-2021-3785 | 2021-09-15 | Cross-site Scripting (XSS) - Stored in yourls/yourls |
| CVE-2020-3960 | 2021-09-15 | VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with... |
| CVE-2021-3794 | 2021-09-15 | Inefficient Regular Expression Complexity in vuelidate/vuelidate |
| CVE-2021-30137 | 2021-09-15 | Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject... |
| CVE-2021-40845 | 2021-09-15 | The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor... |
| CVE-2021-3801 | 2021-09-15 | Inefficient Regular Expression Complexity in prismjs/prism |
| CVE-2021-39307 | 2021-09-15 | PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. |
| CVE-2021-3797 | 2021-09-15 | Use of Wrong Operator in String Comparison in hestiacp/hestiacp |
| CVE-2021-21798 | 2021-09-15 | An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of... |
| CVE-2021-38156 | 2021-09-15 | In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. |
| CVE-2021-39189 | 2021-09-15 | Observable Response Discrepancy in Lost Password Service |
| CVE-2020-19146 | 2021-09-15 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. |
| CVE-2020-19147 | 2021-09-15 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. |
| CVE-2020-19148 | 2021-09-15 | Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. |
| CVE-2020-19150 | 2021-09-15 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. |
| CVE-2020-19151 | 2021-09-15 | Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. |
| CVE-2020-19154 | 2021-09-15 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. |
| CVE-2020-19155 | 2021-09-15 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. |
| CVE-2020-19156 | 2021-09-15 | Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is... |
| CVE-2020-19157 | 2021-09-15 | Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'. |
| CVE-2020-19158 | 2021-09-15 | Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. |
| CVE-2020-19159 | 2021-09-15 | Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. |
| CVE-2021-27044 | 2021-09-15 | An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. |
| CVE-2021-40157 | 2021-09-15 | A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run... |
| CVE-2021-39209 | 2021-09-15 | Bypassable CSRF protection |
| CVE-2021-39392 | 2021-09-15 | The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and... |
| CVE-2020-21121 | 2021-09-15 | Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file. |
| CVE-2020-21122 | 2021-09-15 | UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. |
| CVE-2020-21124 | 2021-09-15 | UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. |
| CVE-2020-21125 | 2021-09-15 | An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. |