CVE List - 2021 / September
Showing 1401 - 1500 of 1899 CVEs for September 2021 (Page 15 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-29809 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29811 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329. |
| CVE-2021-29817 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29818 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29819 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29820 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29821 | 2021-09-20 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29856 | 2021-09-20 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. |
| CVE-2021-38899 | 2021-09-20 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. |
| CVE-2020-8561 | 2021-09-20 | Webhook redirect in kube-apiserver |
| CVE-2021-25740 | 2021-09-20 | Holes in EndpointSlice Validation Enable Host Network Hijack |
| CVE-2021-25741 | 2021-09-20 | Symlink Exchange Can Allow Host Filesystem Access |
| CVE-2021-32839 | 2021-09-20 | Regular Expression Denial of Service in sqlparse |
| CVE-2021-32838 | 2021-09-20 | Regular Expression Denial of Service in flask-restx |
| CVE-2020-19915 | 2021-09-20 | Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. |
| CVE-2020-16630 | 2021-09-20 | TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by... |
| CVE-2020-26301 | 2021-09-20 | Command injection in mscdex/ssh2 |
| CVE-2021-39325 | 2021-09-20 | OptinMonster <= 2.6.0 Reflected Cross-Site Scripting |
| CVE-2021-34650 | 2021-09-20 | eID Easy <= 4.6 Reflected Cross-Site Scripting |
| CVE-2021-41082 | 2021-09-20 | Private message title and participating users leaked in discourse |
| CVE-2021-39229 | 2021-09-20 | Regular expression denial of service in apprise |
| CVE-2021-41083 | 2021-09-20 | CSRF Vulnerability in dada-mail 11.15.1 and below |
| CVE-2021-20037 | 2021-09-21 | SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability... |
| CVE-2021-20829 | 2021-09-21 | Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user... |
| CVE-2021-31917 | 2021-09-21 | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST... |
| CVE-2021-26333 | 2021-09-21 | AMD Chipset Driver Information Disclosure Vulnerability |
| CVE-2021-0869 | 2021-09-21 | In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2021-28960 | 2021-09-21 | Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. |
| CVE-2021-37424 | 2021-09-21 | ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. |
| CVE-2021-37420 | 2021-09-21 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. |
| CVE-2021-37419 | 2021-09-21 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. |
| CVE-2021-37741 | 2021-09-21 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. |
| CVE-2021-41531 | 2021-09-21 | Invalid RPKI data could disable Route Origin Validation on RTR clients. |
| CVE-2021-41525 | 2021-09-21 | An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. |
| CVE-2021-29795 | 2021-09-21 | IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system.... |
| CVE-2021-29831 | 2021-09-21 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this... |
| CVE-2021-40868 | 2021-09-21 | In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. |
| CVE-2021-23443 | 2021-09-21 | Cross-site Scripting (XSS) |
| CVE-2021-39230 | 2021-09-21 | Error in JPNS kernel of Butter |
| CVE-2021-23444 | 2021-09-21 | Prototype Pollution |
| CVE-2021-40847 | 2021-09-21 | The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental... |
| CVE-2021-41084 | 2021-09-21 | Response Splitting from unsanitized headers in http4s |
| CVE-2020-19551 | 2021-09-21 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution. |
| CVE-2020-19553 | 2021-09-21 | Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. |
| CVE-2020-19554 | 2021-09-21 | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. |
| CVE-2021-41086 | 2021-09-21 | Clipboard-based XSS in jsuites |
| CVE-2021-41087 | 2021-09-21 | Improperly Implemented path matching for in-toto-golang |
| CVE-2020-23266 | 2021-09-21 | An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media... |
| CVE-2020-23267 | 2021-09-21 | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media... |
| CVE-2020-23269 | 2021-09-21 | An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media... |
| CVE-2020-23273 | 2021-09-21 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. |
| CVE-2021-41382 | 2021-09-21 | Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. |
| CVE-2021-3583 | 2021-09-22 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying... |
| CVE-2021-31819 | 2021-09-22 | In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. |
| CVE-2021-38112 | 2021-09-22 | In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework... |
| CVE-2021-38153 | 2021-09-22 | Timing Attack Vulnerability for Apache Kafka Connect and Clients |
| CVE-2021-39339 | 2021-09-22 | Telefication <= 1.8.0 Open Proxy and Server-Side Request Forgery |
| CVE-2021-36260 | 2021-09-22 | A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by... |
| CVE-2021-39404 | 2021-09-22 | MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. |
| CVE-2021-37925 | 2021-09-22 | Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. |
| CVE-2021-31841 | 2021-09-22 | DLL side loading vulnerability in MA for Windows |
| CVE-2021-31847 | 2021-09-22 | Improper privilege management in repair process of MA for Windows |
| CVE-2021-31836 | 2021-09-22 | Improper Privilege Management in MA for Windows |
| CVE-2021-37927 | 2021-09-22 | Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. |
| CVE-2021-40875 | 2021-09-22 | Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail... |
| CVE-2021-41011 | 2021-09-22 | LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side... |
| CVE-2021-40684 | 2021-09-22 | Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which... |
| CVE-2019-6288 | 2021-09-22 | Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. |
| CVE-2021-37860 | 2021-09-22 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. |
| CVE-2021-34648 | 2021-09-22 | Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection |
| CVE-2021-34647 | 2021-09-22 | Ninja Forms <= 3.5.7 Sensitive Information Disclosure |
| CVE-2021-21991 | 2021-09-22 | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit... |
| CVE-2021-21992 | 2021-09-22 | The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server... |
| CVE-2020-23469 | 2021-09-22 | gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. |
| CVE-2020-23478 | 2021-09-22 | Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. |
| CVE-2020-23481 | 2021-09-22 | CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field... |
| CVE-2021-22015 | 2021-09-23 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate... |
| CVE-2021-41381 | 2021-09-23 | Payara Micro Community 5.2021.6 and below allows Directory Traversal. |
| CVE-2021-22945 | 2021-09-23 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that... |
| CVE-2021-1622 | 2021-09-23 | Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability |
| CVE-2021-1623 | 2021-09-23 | Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Management Protocol Denial of Service Vulnerability |
| CVE-2021-1624 | 2021-09-23 | Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability |
| CVE-2021-1625 | 2021-09-23 | Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability |
| CVE-2021-34696 | 2021-09-23 | Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability |
| CVE-2021-34697 | 2021-09-23 | Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability |
| CVE-2021-34699 | 2021-09-23 | Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability |
| CVE-2021-34703 | 2021-09-23 | Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability |
| CVE-2021-34723 | 2021-09-23 | Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability |
| CVE-2021-34714 | 2021-09-23 | Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability |
| CVE-2021-34712 | 2021-09-23 | Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability |
| CVE-2021-34705 | 2021-09-23 | Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability |
| CVE-2021-34724 | 2021-09-23 | Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2021-34725 | 2021-09-23 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
| CVE-2021-34726 | 2021-09-23 | Cisco SD-WAN Software Command Injection Vulnerability |
| CVE-2021-34727 | 2021-09-23 | Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability |
| CVE-2021-34729 | 2021-09-23 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
| CVE-2021-34740 | 2021-09-23 | Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability |
| CVE-2021-34767 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability |
| CVE-2021-34768 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities |
| CVE-2021-34769 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities |