CVE List - 2021 / September
Showing 1201 - 1300 of 1899 CVEs for September 2021 (Page 13 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41326 | 2021-09-17 | In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. |
| CVE-2021-20790 | 2021-09-17 | Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. |
| CVE-2021-20791 | 2021-09-17 | Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment... |
| CVE-2021-20825 | 2021-09-17 | Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20828 | 2021-09-17 | Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-3804 | 2021-09-17 | Inefficient Regular Expression Complexity in nervjs/taro |
| CVE-2021-3810 | 2021-09-17 | Inefficient Regular Expression Complexity in cdr/code-server |
| CVE-2021-3811 | 2021-09-17 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte |
| CVE-2021-3812 | 2021-09-17 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte |
| CVE-2021-1939 | 2021-09-17 | Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2021-1947 | 2021-09-17 | Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| CVE-2021-1976 | 2021-09-17 | A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30260 | 2021-09-17 | Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,... |
| CVE-2021-30261 | 2021-09-17 | Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-41303 | 2021-09-17 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass |
| CVE-2021-23442 | 2021-09-17 | Prototype Pollution |
| CVE-2021-39327 | 2021-09-17 | BulletProof Security <= 5.1 Sensitive Information Disclosure |
| CVE-2021-31842 | 2021-09-17 | XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting... |
| CVE-2021-31843 | 2021-09-17 | Improper access control vulnerability in McAfee ENS for Windows |
| CVE-2021-31845 | 2021-09-17 | Remote Code Execution in McAfee DLP Discover |
| CVE-2021-31844 | 2021-09-17 | Local Privilege Escalation in McAfee DLP Endpoint for Windows |
| CVE-2021-39228 | 2021-09-17 | Memory Safety Issue when using patch or merge on state and assign the result back to state |
| CVE-2021-39227 | 2021-09-17 | Fix prototype pollution in the zrender merge and clone helper methods |
| CVE-2021-41316 | 2021-09-17 | The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can... |
| CVE-2021-41315 | 2021-09-17 | The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary... |
| CVE-2021-41317 | 2021-09-17 | XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. |
| CVE-2019-9060 | 2021-09-17 | An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and... |
| CVE-2021-38304 | 2021-09-17 | Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-40825 | 2021-09-17 | nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of... |
| CVE-2020-12080 | 2021-09-17 | A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. |
| CVE-2020-12082 | 2021-09-17 | A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). |
| CVE-2020-12083 | 2021-09-17 | An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). |
| CVE-2021-38406 | 2021-09-17 | Delta Electronics DOPSoft 2 Out-of-Bounds Write |
| CVE-2021-38402 | 2021-09-17 | Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow |
| CVE-2021-38404 | 2021-09-17 | Delta Electronics DOPSoft 2 Heap-based Buffer Overflow |
| CVE-2021-38412 | 2021-09-17 | Digi PortServer TS 16 Improper Authentication |
| CVE-2021-41380 | 2021-09-17 | RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering... |
| CVE-2021-41383 | 2021-09-17 | setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. |
| CVE-2021-39216 | 2021-09-17 | Use after free passing `externref`s to Wasm in Wasmtime |
| CVE-2021-39219 | 2021-09-17 | Wrong type for `Linker`-define functions when used across two `Engine`s |
| CVE-2021-39218 | 2021-09-17 | Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime |
| CVE-2020-21547 | 2021-09-17 | Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. |
| CVE-2020-21548 | 2021-09-17 | Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. |
| CVE-2021-41387 | 2021-09-17 | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. |
| CVE-2021-41390 | 2021-09-17 | In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. |
| CVE-2021-41391 | 2021-09-17 | In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and... |
| CVE-2021-41392 | 2021-09-17 | static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous... |
| CVE-2021-3806 | 2021-09-18 | Path Traversal in Pardus Software Center |
| CVE-2021-41394 | 2021-09-18 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. |
| CVE-2021-41395 | 2021-09-18 | Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. |
| CVE-2021-41393 | 2021-09-18 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. |
| CVE-2021-40690 | 2021-09-19 | Bypass of the secureValidation property |
| CVE-2021-41073 | 2021-09-19 | loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by... |
| CVE-2021-32280 | 2021-09-20 | An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The... |
| CVE-2021-39537 | 2021-09-20 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. |
| CVE-2021-38300 | 2021-09-20 | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional... |
| CVE-2021-24396 | 2021-09-20 | GSEOR <= 1.3 - Authenticated SQL Injection |
| CVE-2021-24397 | 2021-09-20 | MicroCopy <= 1.1.0 - Authenticated SQL Injection |
| CVE-2021-24398 | 2021-09-20 | Responsive 3D Slider <= 1.2 - Authenticated SQL Injection |
| CVE-2021-24399 | 2021-09-20 | The Sorter <= 1.0 - Authenticated SQL Injection |
| CVE-2021-24400 | 2021-09-20 | Display users <= 2.0.0 - Authenticated SQL Injection |
| CVE-2021-24401 | 2021-09-20 | WP Domain Redirect <= 1.0 - Authenticated SQL Injection |
| CVE-2021-24402 | 2021-09-20 | WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection |
| CVE-2021-24403 | 2021-09-20 | WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection |
| CVE-2021-24404 | 2021-09-20 | WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection |
| CVE-2021-24511 | 2021-09-20 | Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection |
| CVE-2021-24525 | 2021-09-20 | Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS |
| CVE-2021-24530 | 2021-09-20 | Alojapro Widget <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24582 | 2021-09-20 | ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24583 | 2021-09-20 | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion |
| CVE-2021-24584 | 2021-09-20 | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update |
| CVE-2021-24585 | 2021-09-20 | Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure |
| CVE-2021-24587 | 2021-09-20 | Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24596 | 2021-09-20 | youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24597 | 2021-09-20 | You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24600 | 2021-09-20 | WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24604 | 2021-09-20 | Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24606 | 2021-09-20 | Availability Calendar < 1.2.1 - Authenticated SQL Injection |
| CVE-2021-24609 | 2021-09-20 | WP Mapa Politico Espana < 3.7.0- Authenticated Stored XSS |
| CVE-2021-24613 | 2021-09-20 | Post Views Counter < 1.3.5 - Authenticated Stored XSS |
| CVE-2021-24618 | 2021-09-20 | Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting |
| CVE-2021-24635 | 2021-09-20 | Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls |
| CVE-2021-24636 | 2021-09-20 | Print My Blog < 3.4.2 - Plugin Deactivation via CSRF |
| CVE-2021-24637 | 2021-09-20 | Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24638 | 2021-09-20 | OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API |
| CVE-2021-24639 | 2021-09-20 | OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion |
| CVE-2021-24640 | 2021-09-20 | Gutenslider < 5.2.0 - Contributor+ Stored XSS |
| CVE-2021-24657 | 2021-09-20 | Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24663 | 2021-09-20 | Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload |
| CVE-2021-24741 | 2021-09-20 | Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections |
| CVE-2019-16651 | 2021-09-20 | An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and... |
| CVE-2020-21913 | 2021-09-20 | International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. |
| CVE-2021-39402 | 2021-09-20 | MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and... |
| CVE-2021-40674 | 2021-09-20 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. |
| CVE-2020-21468 | 2021-09-20 | A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as... |
| CVE-2020-20891 | 2021-09-20 | Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
| CVE-2020-20892 | 2021-09-20 | An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. |
| CVE-2020-20896 | 2021-09-20 | An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. |
| CVE-2020-20898 | 2021-09-20 | Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
| CVE-2020-20902 | 2021-09-20 | A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. |