CVE List - 2021 / September
Showing 301 - 400 of 1899 CVEs for September 2021 (Page 4 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-37722 | 2021-09-07 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.... |
| CVE-2021-37723 | 2021-09-07 | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security... |
| CVE-2021-33599 | 2021-09-07 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-37718 | 2021-09-07 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has... |
| CVE-2021-37724 | 2021-09-07 | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security... |
| CVE-2021-37721 | 2021-09-07 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.... |
| CVE-2021-37728 | 2021-09-07 | A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. |
| CVE-2021-37729 | 2021-09-07 | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba... |
| CVE-2021-37733 | 2021-09-07 | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released... |
| CVE-2021-37725 | 2021-09-07 | A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15.... |
| CVE-2021-39285 | 2021-09-07 | An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create an XSS-based attack. |
| CVE-2021-37731 | 2021-09-07 | A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released... |
| CVE-2021-27022 | 2021-09-07 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only... |
| CVE-2020-19131 | 2021-09-07 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". |
| CVE-2020-7819 | 2021-09-07 | nTracker USB Enterprise SQL-Injection vulnerability |
| CVE-2020-7865 | 2021-09-07 | Inoguard ExECM CoreB2B solution remote code execution vulnerability |
| CVE-2020-7832 | 2021-09-07 | RAONWIZ DEXT5 Upload remote code execution vulnerability |
| CVE-2021-40539 | 2021-09-07 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. |
| CVE-2021-38123 | 2021-09-07 | Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites... |
| CVE-2021-38142 | 2021-09-07 | Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that... |
| CVE-2021-39197 | 2021-09-07 | Cross-Site Request Forgery in better_errors |
| CVE-2021-35947 | 2021-09-07 | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid... |
| CVE-2021-39199 | 2021-09-07 | Cross site scripting via unsafe defaults in remark-html |
| CVE-2021-39196 | 2021-09-07 | Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture |
| CVE-2021-35949 | 2021-09-07 | The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. |
| CVE-2021-39195 | 2021-09-07 | Server-Side Request Forgery vulnerability in misskey |
| CVE-2021-35946 | 2021-09-07 | A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. |
| CVE-2021-35948 | 2021-09-07 | Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use... |
| CVE-2021-38706 | 2021-09-07 | messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. |
| CVE-2021-38707 | 2021-09-07 | Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who... |
| CVE-2021-38704 | 2021-09-07 | Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token... |
| CVE-2021-38705 | 2021-09-07 | ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with... |
| CVE-2021-39194 | 2021-09-07 | Denial of service while parsing polymorphic input with tagged polymorphism style in kaml |
| CVE-2021-40143 | 2021-09-07 | Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources... |
| CVE-2020-19750 | 2021-09-07 | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. |
| CVE-2020-19752 | 2021-09-07 | The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. |
| CVE-2020-19751 | 2021-09-07 | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. |
| CVE-2021-37631 | 2021-09-07 | Circle can be accessed by non-Circle members in Nextcloud Deck |
| CVE-2021-39503 | 2021-09-07 | PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. |
| CVE-2021-39496 | 2021-09-07 | Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. |
| CVE-2021-39497 | 2021-09-07 | eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. |
| CVE-2021-39499 | 2021-09-07 | A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. |
| CVE-2021-37630 | 2021-09-07 | Secret Circle can be joined without approval in Nextcloud Circles |
| CVE-2021-32782 | 2021-09-07 | Cross-Site Scripting in Nextcloud Circles |
| CVE-2021-39500 | 2021-09-07 | Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid, an attacker can inject "../" to escape and write... |
| CVE-2021-39501 | 2021-09-07 | EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. |
| CVE-2021-37628 | 2021-09-07 | File Drop can be bypassed using Richdocuments app in nextcloud |
| CVE-2021-37629 | 2021-09-07 | Lack of ratelimit on Richdocuments OCS endpoint in nextcloud |
| CVE-2021-32766 | 2021-09-07 | Nextcloud Text app can disclose existence of folders in "File Drop" link share |
| CVE-2021-32800 | 2021-09-07 | Bypass of Two Factor Authentication in Nextcloud server |
| CVE-2021-32801 | 2021-09-07 | Exceptions may have logged Encryption-at-Rest key content in Nextcloud server |
| CVE-2021-32802 | 2021-09-07 | Preview generation used third-party library not suited for user-generated content in Nextcloud server |
| CVE-2020-19765 | 2021-09-07 | An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. |
| CVE-2020-19766 | 2021-09-07 | The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. |
| CVE-2020-19768 | 2021-09-07 | A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. |
| CVE-2020-19769 | 2021-09-07 | A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. |
| CVE-2020-19767 | 2021-09-07 | A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. |
| CVE-2021-37145 | 2021-09-07 | A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability... |
| CVE-2020-19853 | 2021-09-07 | BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. |
| CVE-2020-19855 | 2021-09-07 | phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. |
| CVE-2021-21996 | 2021-09-08 | An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a... |
| CVE-2021-40812 | 2021-09-08 | The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. |
| CVE-2021-39116 | 2021-09-08 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component.... |
| CVE-2021-39121 | 2021-09-08 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint.... |
| CVE-2021-39122 | 2021-09-08 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are... |
| CVE-2021-36179 | 2021-09-08 | A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution |
| CVE-2021-36182 | 2021-09-08 | An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP... |
| CVE-2020-29012 | 2021-09-08 | An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured... |
| CVE-2021-23404 | 2021-09-08 | Cross-site Request Forgery (CSRF) |
| CVE-2021-40377 | 2021-09-08 | SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then... |
| CVE-2021-36695 | 2021-09-08 | Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of... |
| CVE-2020-11264 | 2021-09-08 | Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11301 | 2021-09-08 | Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-1904 | 2021-09-08 | Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2021-1914 | 2021-09-08 | Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon... |
| CVE-2021-1916 | 2021-09-08 | Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-1919 | 2021-09-08 | Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-1920 | 2021-09-08 | Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &... |
| CVE-2021-1923 | 2021-09-08 | Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT |
| CVE-2021-1928 | 2021-09-08 | Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2021-1929 | 2021-09-08 | Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2021-1930 | 2021-09-08 | Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1972 | 2021-09-08 | Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-28701 | 2021-09-08 | Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire... |
| CVE-2021-35217 | 2021-09-08 | Insecure Deserialization of untrusted data causing Remote code execution vulnerability. |
| CVE-2021-28580 | 2021-09-08 | Medium by Adobe file parsing buffer overflow vulnerability could lead to arbitrary code execution |
| CVE-2021-28581 | 2021-09-08 | Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation |
| CVE-2021-30800 | 2021-09-08 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. |
| CVE-2021-30803 | 2021-09-08 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts. |
| CVE-2021-30798 | 2021-09-08 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass... |
| CVE-2021-30799 | 2021-09-08 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing... |
| CVE-2021-30805 | 2021-09-08 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may... |
| CVE-2021-30796 | 2021-09-08 | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously... |
| CVE-2021-30788 | 2021-09-08 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina.... |
| CVE-2021-30720 | 2021-09-08 | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious... |
| CVE-2021-30722 | 2021-09-08 | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in... |
| CVE-2021-30724 | 2021-09-08 | This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur... |
| CVE-2021-30726 | 2021-09-08 | A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave.... |
| CVE-2021-30728 | 2021-09-08 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application... |
| CVE-2021-30721 | 2021-09-08 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a... |