CVE List - 2021 / September
Showing 1601 - 1700 of 1899 CVEs for September 2021 (Page 17 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40654 | 2021-09-24 | An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page |
| CVE-2021-40655 | 2021-09-24 | An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php... |
| CVE-2020-20508 | 2021-09-24 | Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. |
| CVE-2020-20514 | 2021-09-24 | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. |
| CVE-2021-21742 | 2021-09-24 | There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive... |
| CVE-2021-41617 | 2021-09-26 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and... |
| CVE-2021-3830 | 2021-09-26 | Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver |
| CVE-2021-31606 | 2021-09-27 | furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. |
| CVE-2021-34348 | 2021-09-27 | Command Injection Vulnerability in QVR |
| CVE-2021-34349 | 2021-09-27 | Command Injection Vulnerability in QVR |
| CVE-2021-34351 | 2021-09-27 | Command Injection Vulnerability in QVR |
| CVE-2021-31604 | 2021-09-27 | furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. |
| CVE-2021-31605 | 2021-09-27 | furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. |
| CVE-2021-40349 | 2021-09-27 | e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. |
| CVE-2021-40981 | 2021-09-27 | ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. |
| CVE-2021-41329 | 2021-09-27 | Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal... |
| CVE-2021-41385 | 2021-09-27 | The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. |
| CVE-2021-38299 | 2021-09-27 | Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without... |
| CVE-2021-41580 | 2021-09-27 | The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider... |
| CVE-2021-34570 | 2021-09-27 | Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS |
| CVE-2021-20317 | 2021-09-27 | A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local... |
| CVE-2021-23054 | 2021-09-27 | On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information... |
| CVE-2021-40097 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter. |
| CVE-2021-40098 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. |
| CVE-2021-40103 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. |
| CVE-2021-0421 | 2021-09-27 | In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0422 | 2021-09-27 | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2021-0423 | 2021-09-27 | In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2021-0424 | 2021-09-27 | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2021-0425 | 2021-09-27 | In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2021-0610 | 2021-09-27 | In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0611 | 2021-09-27 | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0612 | 2021-09-27 | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0660 | 2021-09-27 | In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2021-40104 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. |
| CVE-2021-40105 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. |
| CVE-2021-40106 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. |
| CVE-2021-40108 | 2021-09-27 | An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. |
| CVE-2021-40109 | 2021-09-27 | A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can... |
| CVE-2021-23243 | 2021-09-27 | In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. |
| CVE-2021-3799 | 2021-09-27 | Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin |
| CVE-2021-3818 | 2021-09-27 | Reliance on Cookies without Validation and Integrity Checking in getgrav/grav |
| CVE-2021-3819 | 2021-09-27 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3820 | 2021-09-27 | Inefficient Regular Expression Complexity in pksunkara/inflect |
| CVE-2021-3822 | 2021-09-27 | Inefficient Regular Expression Complexity in josdejong/jsoneditor |
| CVE-2021-3828 | 2021-09-27 | Inefficient Regular Expression Complexity in nltk/nltk |
| CVE-2021-36219 | 2021-09-27 | An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can... |
| CVE-2021-36218 | 2021-09-27 | An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior... |
| CVE-2021-22272 | 2021-09-27 | ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase. |
| CVE-2021-37786 | 2021-09-27 | Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch... |
| CVE-2021-33907 | 2021-09-27 | The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the... |
| CVE-2021-34408 | 2021-09-27 | The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update... |
| CVE-2021-34409 | 2021-09-27 | Zoom Client Installer Local Privilege Escalation |
| CVE-2021-34410 | 2021-09-27 | A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. |
| CVE-2021-34411 | 2021-09-27 | During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with... |
| CVE-2021-34412 | 2021-09-27 | During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with... |
| CVE-2021-34414 | 2021-09-27 | The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector... |
| CVE-2021-34415 | 2021-09-27 | The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of... |
| CVE-2021-34416 | 2021-09-27 | The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version... |
| CVE-2021-34413 | 2021-09-27 | All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user... |
| CVE-2021-26587 | 2021-09-27 | A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact... |
| CVE-2021-37539 | 2021-09-27 | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. |
| CVE-2021-36878 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-24569 | 2021-09-27 | Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24610 | 2021-09-27 | TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24632 | 2021-09-27 | Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting |
| CVE-2021-24633 | 2021-09-27 | Countdown Block < 1.1.2 - Missing Authorisation in AJAX action |
| CVE-2021-24634 | 2021-09-27 | Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24643 | 2021-09-27 | WP Map Block < 1.2.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24652 | 2021-09-27 | PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls |
| CVE-2021-24659 | 2021-09-27 | PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24660 | 2021-09-27 | PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24661 | 2021-09-27 | PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure |
| CVE-2021-24666 | 2021-09-27 | Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection |
| CVE-2021-24670 | 2021-09-27 | CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24671 | 2021-09-27 | MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting |
| CVE-2021-36879 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2021-36876 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36877 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36874 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability |
| CVE-2021-36880 | 2021-09-27 | WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability |
| CVE-2021-36875 | 2021-09-27 | WordPress uListing plugin <= 2.0.5 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36841 | 2021-09-27 | YITH Maintenance Mode (WordPress plugin) <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability. |
| CVE-2021-36845 | 2021-09-27 | YITH Maintenance Mode (WordPress plugin) <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-39823 | 2021-09-27 | svg-native-viewer Heap Buffer overflow Vulnerability |
| CVE-2021-39819 | 2021-09-27 | Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-39826 | 2021-09-27 | Adobe Digital Editions Command Execution Vulnerability |
| CVE-2021-39818 | 2021-09-27 | Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-28613 | 2021-09-27 | Adobe Creative Cloud Arbitrary File Overwrite Vulnerability |
| CVE-2021-40711 | 2021-09-27 | Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution |
| CVE-2021-39824 | 2021-09-27 | Adobe Premiere Elements png Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-40702 | 2021-09-27 | Adobe Premiere Elements psd Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-39827 | 2021-09-27 | Adobe Digital Editions Installer flaw leads to Arbitrary File System Write |
| CVE-2021-40713 | 2021-09-27 | Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack |
| CVE-2021-39825 | 2021-09-27 | Adobe Photoshop Elements Edit 2021 TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-40703 | 2021-09-27 | Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-39828 | 2021-09-27 | Adobe Digital Editions Installer flaw leads to Local Privilege Escalation |
| CVE-2021-40701 | 2021-09-27 | Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-40709 | 2021-09-27 | Adobe Photoshop Buffer Overflow leads to Arbitrary Code Execution |
| CVE-2021-40700 | 2021-09-27 | Adobe Premiere Elements TIFF Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |