CVE List - 2021 / September
Showing 601 - 700 of 1899 CVEs for September 2021 (Page 7 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1762 | 2021-09-08 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001... |
| CVE-2021-22004 | 2021-09-08 | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before... |
| CVE-2020-24672 | 2021-09-08 | ABB Base Software for SoftControl Remote Code Execution vulnerability |
| CVE-2021-35526 | 2021-09-08 | Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product |
| CVE-2021-21897 | 2021-09-08 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious... |
| CVE-2021-21103 | 2021-09-08 | Adobe Illustrator memory corruption vulnerability could lead to information disclosure |
| CVE-2021-21104 | 2021-09-08 | Adobe Illustrator memory corruption vulnerability could lead to remote code execution |
| CVE-2021-21105 | 2021-09-08 | Adobe Illustrator memory corruption vulnerability could lead to remote code execution |
| CVE-2021-28566 | 2021-09-08 | Magento Commerce information disclosure during upload action leveraging a specially crafted file |
| CVE-2021-28567 | 2021-09-08 | Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission |
| CVE-2021-28568 | 2021-09-08 | Adobe Genuine Services insecure file permission could lead to privilege escalation |
| CVE-2021-28569 | 2021-09-08 | Adobe Media Encoder VOB file parsing out-of-bounds read could lead to information disclosure vulnerability |
| CVE-2021-28571 | 2021-09-08 | Adobe After Effects improper neutralization of special elements could lead to remote code execution |
| CVE-2021-40346 | 2021-09-08 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request... |
| CVE-2021-33981 | 2021-09-08 | An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other... |
| CVE-2021-33982 | 2021-09-08 | An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user... |
| CVE-2021-3049 | 2021-09-08 | Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability |
| CVE-2021-3051 | 2021-09-08 | Cortex XSOAR: Authentication Bypass in SAML Authentication |
| CVE-2021-3052 | 2021-09-08 | PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface |
| CVE-2021-3053 | 2021-09-08 | PAN-OS: Exceptional Condition Denial-of-Service (DoS) |
| CVE-2021-3054 | 2021-09-08 | PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability |
| CVE-2021-3055 | 2021-09-08 | PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface |
| CVE-2021-31274 | 2021-09-08 | In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can... |
| CVE-2021-40537 | 2021-09-08 | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. |
| CVE-2021-32805 | 2021-09-08 | URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder |
| CVE-2021-36215 | 2021-09-08 | LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. |
| CVE-2021-36216 | 2021-09-08 | LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. |
| CVE-2021-38388 | 2021-09-08 | Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. |
| CVE-2021-40797 | 2021-09-08 | An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user... |
| CVE-2020-19137 | 2021-09-08 | Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". |
| CVE-2020-19138 | 2021-09-08 | Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". |
| CVE-2020-26772 | 2021-09-08 | Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function. |
| CVE-2021-36440 | 2021-09-08 | Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. |
| CVE-2021-30605 | 2021-09-08 | Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. |
| CVE-2021-40814 | 2021-09-08 | The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. |
| CVE-2021-40818 | 2021-09-08 | scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. |
| CVE-2021-39296 | 2021-09-09 | In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. |
| CVE-2020-26300 | 2021-09-09 | Command injection in systeminformation |
| CVE-2021-32833 | 2021-09-09 | Unauthenticated file read in Emby Server |
| CVE-2021-32834 | 2021-09-09 | Arbitrary Groovy script evaluation in Eclipse Keti |
| CVE-2021-32835 | 2021-09-09 | Groovy Sandbox escape in Eclipse Keti |
| CVE-2021-32836 | 2021-09-09 | Pre-auth unsafe deserialization in ZStack |
| CVE-2021-34708 | 2021-09-09 | Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities |
| CVE-2021-34709 | 2021-09-09 | Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities |
| CVE-2021-34713 | 2021-09-09 | Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service Vulnerability |
| CVE-2021-34718 | 2021-09-09 | Cisco IOS XR Software Arbitrary File Read and Write Vulnerability |
| CVE-2021-34719 | 2021-09-09 | Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities |
| CVE-2021-34720 | 2021-09-09 | Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability |
| CVE-2021-34721 | 2021-09-09 | Cisco IOS XR Software Command Injection Vulnerabilities |
| CVE-2021-34722 | 2021-09-09 | Cisco IOS XR Software Command Injection Vulnerabilities |
| CVE-2021-34728 | 2021-09-09 | Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities |
| CVE-2021-34737 | 2021-09-09 | Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability |
| CVE-2021-34771 | 2021-09-09 | Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability |
| CVE-2021-34785 | 2021-09-09 | Cisco BroadWorks CommPilot Application Software Vulnerabilities |
| CVE-2021-34786 | 2021-09-09 | Cisco BroadWorks CommPilot Application Software Vulnerabilities |
| CVE-2021-1909 | 2021-09-09 | Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-1933 | 2021-09-09 | UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2021-1934 | 2021-09-09 | Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-1935 | 2021-09-09 | Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-1941 | 2021-09-09 | Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2021-1946 | 2021-09-09 | Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1948 | 2021-09-09 | Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics... |
| CVE-2021-1952 | 2021-09-09 | Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &... |
| CVE-2021-1956 | 2021-09-09 | Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2021-1957 | 2021-09-09 | Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,... |
| CVE-2021-1958 | 2021-09-09 | A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2021-1960 | 2021-09-09 | Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2021-1961 | 2021-09-09 | Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-1962 | 2021-09-09 | Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2021-1963 | 2021-09-09 | Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-1971 | 2021-09-09 | Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and... |
| CVE-2021-1974 | 2021-09-09 | Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-30290 | 2021-09-09 | Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30294 | 2021-09-09 | Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30295 | 2021-09-09 | Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-36161 | 2021-09-09 | Unprotected input value toString cause RCE |
| CVE-2021-37579 | 2021-09-09 | Bypass deserialization checks in Apache Dubbo |
| CVE-2021-40222 | 2021-09-09 | Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a... |
| CVE-2021-40223 | 2021-09-09 | Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog).... |
| CVE-2021-26603 | 2021-09-09 | bandisoft ARK library heap overflow vulnerability |
| CVE-2021-36870 | 2021-09-09 | WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent XSS vulnerabilities |
| CVE-2021-36871 | 2021-09-09 | WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities |
| CVE-2021-38408 | 2021-09-09 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. |
| CVE-2021-20117 | 2021-09-09 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.... |
| CVE-2021-20118 | 2021-09-09 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.... |
| CVE-2021-39458 | 2021-09-09 | Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup.... |
| CVE-2021-39459 | 2021-09-09 | Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing... |
| CVE-2021-28498 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access... |
| CVE-2021-28499 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This... |
| CVE-2021-28497 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where... |
| CVE-2021-28495 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the... |
| CVE-2021-28493 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the... |
| CVE-2021-28494 | 2021-09-09 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI.... |
| CVE-2020-7873 | 2021-09-09 | Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. |
| CVE-2020-7874 | 2021-09-09 | NEXACRO14 Runtime arbitrary file download and execution vulnerability |
| CVE-2021-26608 | 2021-09-09 | handysoft groupware arbitrary file download and execution vulnerability |
| CVE-2021-37101 | 2021-09-09 | There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious... |
| CVE-2021-3761 | 2021-09-09 | OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values |
| CVE-2020-19143 | 2021-09-09 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. |
| CVE-2020-19144 | 2021-09-09 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. |