CVE List - 2021 / September
Showing 701 - 800 of 1899 CVEs for September 2021 (Page 8 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38725 | 2021-09-09 | Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php |
| CVE-2021-38723 | 2021-09-09 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items |
| CVE-2021-38721 | 2021-09-09 | FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability |
| CVE-2020-19515 | 2021-09-09 | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. |
| CVE-2021-22239 | 2021-09-09 | An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. |
| CVE-2021-38540 | 2021-09-09 | Apache Airflow: Variable Import endpoint missed authentication check |
| CVE-2021-32484 | 2021-09-09 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2021-32485 | 2021-09-09 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2021-32486 | 2021-09-09 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2021-32487 | 2021-09-09 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2021-38727 | 2021-09-09 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items |
| CVE-2021-40284 | 2021-09-09 | D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can... |
| CVE-2021-28909 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and... |
| CVE-2021-28910 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server. |
| CVE-2020-19263 | 2021-09-09 | A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. |
| CVE-2020-19264 | 2021-09-09 | A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. |
| CVE-2020-19265 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19266 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19267 | 2021-09-09 | An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2020-19268 | 2021-09-09 | A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. |
| CVE-2021-28911 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId... |
| CVE-2021-28912 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part... |
| CVE-2021-28913 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root... |
| CVE-2021-28914 | 2021-09-09 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is... |
| CVE-2021-25449 | 2021-09-09 | An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. |
| CVE-2021-25450 | 2021-09-09 | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. |
| CVE-2021-25451 | 2021-09-09 | A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. |
| CVE-2021-25452 | 2021-09-09 | An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. |
| CVE-2021-25453 | 2021-09-09 | Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. |
| CVE-2021-25454 | 2021-09-09 | OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. |
| CVE-2021-25455 | 2021-09-09 | OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. |
| CVE-2021-25456 | 2021-09-09 | OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. |
| CVE-2021-25457 | 2021-09-09 | An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. |
| CVE-2021-25458 | 2021-09-09 | NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. |
| CVE-2021-25459 | 2021-09-09 | An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. |
| CVE-2021-25460 | 2021-09-09 | An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. |
| CVE-2021-25461 | 2021-09-09 | An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. |
| CVE-2021-25462 | 2021-09-09 | NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. |
| CVE-2021-25463 | 2021-09-09 | Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. |
| CVE-2021-25464 | 2021-09-09 | An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. |
| CVE-2021-25465 | 2021-09-09 | An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. |
| CVE-2021-25466 | 2021-09-09 | Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. |
| CVE-2021-38318 | 2021-09-09 | 3D Cover Carousel <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-38322 | 2021-09-09 | Twitter Friends Widget <= 3.1 Reflected Cross-Site Scripting |
| CVE-2021-38316 | 2021-09-09 | WP Academic People List <= 0.4.1 Reflected Cross-Site Scripting |
| CVE-2021-38324 | 2021-09-09 | SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection |
| CVE-2021-38320 | 2021-09-09 | simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting |
| CVE-2021-38321 | 2021-09-09 | Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting |
| CVE-2021-38317 | 2021-09-09 | Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting |
| CVE-2021-38319 | 2021-09-09 | More From Google <= 0.0.2 Reflected Cross-Site Scripting |
| CVE-2021-38325 | 2021-09-09 | User Activation Email <= 1.3.0 Reflected Cross-Site Scripting |
| CVE-2021-38323 | 2021-09-09 | RentPress <= 6.6.4 Reflected Cross-Site Scripting |
| CVE-2021-32724 | 2021-09-09 | check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack |
| CVE-2021-39200 | 2021-09-09 | Information Disclosure in wp_die() via JSONP in wordpress |
| CVE-2021-39201 | 2021-09-09 | Authenticated cross-site scripting (XSS) in WordPress editor |
| CVE-2021-39202 | 2021-09-09 | WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget |
| CVE-2021-39203 | 2021-09-09 | Private data disclosure/privilege escalation through the block editor in Wordpress |
| CVE-2021-39162 | 2021-09-09 | Incorrect handling of H2 GOAWAY + SETTINGS frames |
| CVE-2021-39204 | 2021-09-09 | Excessive CPU usage in Pomerium |
| CVE-2021-39206 | 2021-09-09 | Incorrect Authorization with specially crafted requests |
| CVE-2020-19280 | 2021-09-09 | Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. |
| CVE-2020-19281 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. |
| CVE-2020-19282 | 2021-09-09 | A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. |
| CVE-2020-19283 | 2021-09-09 | A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19284 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments... |
| CVE-2020-19285 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text... |
| CVE-2020-19286 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field... |
| CVE-2020-19287 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. |
| CVE-2020-19288 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. |
| CVE-2020-19289 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album... |
| CVE-2020-19290 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment... |
| CVE-2020-19291 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. |
| CVE-2020-19292 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. |
| CVE-2020-19293 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. |
| CVE-2020-19295 | 2021-09-09 | A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19294 | 2021-09-09 | A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments... |
| CVE-2021-40839 | 2021-09-10 | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. |
| CVE-2018-19957 | 2021-09-10 | Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud |
| CVE-2021-28813 | 2021-09-10 | Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch |
| CVE-2021-28816 | 2021-09-10 | Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud |
| CVE-2021-34343 | 2021-09-10 | Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud |
| CVE-2021-34344 | 2021-09-10 | Stack Buffer Overflow Vulnerability in QUSBCam2 |
| CVE-2021-34345 | 2021-09-10 | Stack Based Overflow Vulnerability in NVR Storage Expansion |
| CVE-2021-34346 | 2021-09-10 | Stack Based Overflow Vulnerability in NVR Storage Expansion |
| CVE-2021-3645 | 2021-09-10 | Prototype Pollution in viking04/merge |
| CVE-2021-35976 | 2021-09-10 | The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript... |
| CVE-2021-33011 | 2021-09-10 | All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet... |
| CVE-2021-38351 | 2021-09-10 | OSD Subscribe <= 1.2.3 Reflected Cross-Site Scripting |
| CVE-2021-38350 | 2021-09-10 | spideranalyse <= 0.0.1 Reflected Cross-Site Scripting |
| CVE-2021-38334 | 2021-09-10 | WP Design Maps & Places <= 1.2 Reflected Cross-Site Scripting |
| CVE-2021-38330 | 2021-09-10 | Yet Another bol.com Plugin <= 1.4 Reflected Cross-Site Scripting |
| CVE-2021-38337 | 2021-09-10 | RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting |
| CVE-2021-38332 | 2021-09-10 | On Page SEO + Whatsapp Chat Button <= 1.0.1 Reflected Cross-Site Scripting |
| CVE-2021-38348 | 2021-09-10 | Advance Search <= 1.1.2 Reflected Cross-Site Scripting |
| CVE-2021-38326 | 2021-09-10 | Post Title Counter <= 1.1 Reflected Cross-Site Scripting |
| CVE-2021-38353 | 2021-09-10 | Dropdown and scrollable Text <= 2.0 Reflected Cross-Site Scripting |
| CVE-2021-38349 | 2021-09-10 | Integration of Moneybird for WooCommerce <= 2.1.1 Reflected Cross-Site Scripting |
| CVE-2021-38340 | 2021-09-10 | Wordpress Simple Shop <= 1.2 Reflected Cross-Site Scripting |
| CVE-2021-38341 | 2021-09-10 | WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting |
| CVE-2021-38352 | 2021-09-10 | Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting |