CVE List - 2021 / September
Showing 1501 - 1600 of 1899 CVEs for September 2021 (Page 16 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34770 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability |
| CVE-2021-1565 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities |
| CVE-2021-1546 | 2021-09-23 | Cisco SD-WAN Software Information Disclosure Vulnerability |
| CVE-2021-1419 | 2021-09-23 | Cisco Access Points SSH Management Privilege Escalation Vulnerability |
| CVE-2021-1589 | 2021-09-23 | Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability |
| CVE-2021-1611 | 2021-09-23 | Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability |
| CVE-2021-1612 | 2021-09-23 | Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability |
| CVE-2021-1615 | 2021-09-23 | Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability |
| CVE-2021-1616 | 2021-09-23 | Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability |
| CVE-2021-1619 | 2021-09-23 | Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability |
| CVE-2021-1620 | 2021-09-23 | Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability |
| CVE-2021-1621 | 2021-09-23 | Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability |
| CVE-2021-33035 | 2021-09-23 | Buffer overflow from a crafted DBF file |
| CVE-2021-21993 | 2021-09-23 | The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library... |
| CVE-2021-22005 | 2021-09-23 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to... |
| CVE-2021-22006 | 2021-09-23 | The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server... |
| CVE-2021-22007 | 2021-09-23 | The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. |
| CVE-2021-22008 | 2021-09-23 | The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by... |
| CVE-2021-22009 | 2021-09-23 | The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create... |
| CVE-2021-22010 | 2021-09-23 | The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial... |
| CVE-2021-22011 | 2021-09-23 | vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to... |
| CVE-2021-22012 | 2021-09-23 | The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this... |
| CVE-2021-22013 | 2021-09-23 | The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server... |
| CVE-2021-22014 | 2021-09-23 | The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit... |
| CVE-2021-22016 | 2021-09-23 | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim... |
| CVE-2021-22017 | 2021-09-23 | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit... |
| CVE-2021-22018 | 2021-09-23 | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit... |
| CVE-2021-22019 | 2021-09-23 | The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending... |
| CVE-2021-22020 | 2021-09-23 | The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. |
| CVE-2021-22949 | 2021-09-23 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security... |
| CVE-2021-22950 | 2021-09-23 | Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team" |
| CVE-2021-22952 | 2021-09-23 | A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said... |
| CVE-2021-22953 | 2021-09-23 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security... |
| CVE-2021-22948 | 2021-09-23 | Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute... |
| CVE-2021-22941 | 2021-09-23 | Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. |
| CVE-2021-32963 | 2021-09-23 | AVEVA SuiteLink Server Null Pointer Dereference |
| CVE-2021-32959 | 2021-09-23 | AVEVA SuiteLink Server Buffer Overflow |
| CVE-2021-32971 | 2021-09-23 | AVEVA SuiteLink Server Null Pointer Dereference |
| CVE-2021-32979 | 2021-09-23 | AVEVA SuiteLink Server Null Pointer Dereference |
| CVE-2021-32999 | 2021-09-23 | AVEVA SuiteLink Server Improper Handling of Exceptional Conditions |
| CVE-2021-32987 | 2021-09-23 | AVEVA SuiteLink Server Null Pointer Dereference |
| CVE-2021-26750 | 2021-09-23 | DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. |
| CVE-2021-21913 | 2021-09-23 | An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the... |
| CVE-2021-3824 | 2021-09-23 | OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. |
| CVE-2021-36872 | 2021-09-23 | WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36873 | 2021-09-23 | WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36823 | 2021-09-23 | WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-26794 | 2021-09-23 | Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. |
| CVE-2021-22276 | 2021-09-23 | free@home System Access Point FW integrity check can be bypassed. |
| CVE-2020-4690 | 2021-09-23 | IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of... |
| CVE-2020-4803 | 2021-09-23 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. |
| CVE-2020-4805 | 2021-09-23 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. |
| CVE-2020-4809 | 2021-09-23 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. |
| CVE-2021-20377 | 2021-09-23 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... |
| CVE-2021-29800 | 2021-09-23 | IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-38863 | 2021-09-23 | IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. |
| CVE-2020-4941 | 2021-09-23 | IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. |
| CVE-2021-20434 | 2021-09-23 | IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. |
| CVE-2021-20435 | 2021-09-23 | IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system.... |
| CVE-2021-20484 | 2021-09-23 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20485 | 2021-09-23 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could... |
| CVE-2021-20563 | 2021-09-23 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath... |
| CVE-2021-38864 | 2021-09-23 | IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. |
| CVE-2021-38870 | 2021-09-23 | IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-24327 | 2021-09-23 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. |
| CVE-2021-29810 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29812 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29813 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29814 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29815 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29816 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a... |
| CVE-2021-29832 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29833 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2021-29904 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI display user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. |
| CVE-2021-29905 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-38877 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-19949 | 2021-09-23 | A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19950 | 2021-09-23 | A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19951 | 2021-09-23 | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. |
| CVE-2021-41088 | 2021-09-23 | Remote code execution via the web UI backend of Elvish |
| CVE-2021-41581 | 2021-09-24 | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. |
| CVE-2021-41583 | 2021-09-24 | vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction... |
| CVE-2021-31923 | 2021-09-24 | Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. |
| CVE-2021-41584 | 2021-09-24 | Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. |
| CVE-2021-36749 | 2021-09-24 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920) |
| CVE-2021-41588 | 2021-09-24 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. |
| CVE-2021-41587 | 2021-09-24 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. |
| CVE-2021-41586 | 2021-09-24 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. |
| CVE-2021-40102 | 2021-09-24 | An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). |
| CVE-2021-40100 | 2021-09-24 | An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. |
| CVE-2021-40099 | 2021-09-24 | An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. |
| CVE-2021-40310 | 2021-09-24 | OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. |
| CVE-2021-40309 | 2021-09-24 | A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable... |
| CVE-2021-28130 | 2021-09-24 | Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. |
| CVE-2021-22869 | 2021-09-24 | Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group |
| CVE-2021-22868 | 2021-09-24 | Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server |
| CVE-2021-39246 | 2021-09-24 | Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are... |
| CVE-2021-2464 | 2021-09-24 | Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux... |
| CVE-2021-41503 | 2021-09-24 | DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of basic authentication for the device's command interface allows attack vectors that may compromise... |
| CVE-2021-41504 | 2021-09-24 | An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of digest authentication for the device's command interface may allow further attack vectors that... |