CVE List - 2021 / July
Showing 1301 - 1400 of 1581 CVEs for July 2021 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-26699 | 2021-07-22 | OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. |
| CVE-2021-26228 | 2021-07-22 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. |
| CVE-2021-26231 | 2021-07-22 | SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php. |
| CVE-2021-26230 | 2021-07-22 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. |
| CVE-2021-29657 | 2021-07-22 | arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka... |
| CVE-2021-26232 | 2021-07-22 | SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php. |
| CVE-2021-26227 | 2021-07-22 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. |
| CVE-2021-33478 | 2021-07-22 | The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected... |
| CVE-2020-5316 | 2021-07-22 | Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2,... |
| CVE-2020-5370 | 2021-07-22 | Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite... |
| CVE-2021-35063 | 2021-07-22 | Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." |
| CVE-2021-26226 | 2021-07-22 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. |
| CVE-2015-2100 | 2021-07-22 | Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in... |
| CVE-2021-35464 | 2021-07-22 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered... |
| CVE-2021-25202 | 2021-07-22 | SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. |
| CVE-2015-2099 | 2021-07-22 | Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in... |
| CVE-2015-2098 | 2021-07-22 | Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the... |
| CVE-2021-25197 | 2021-07-22 | Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php |
| CVE-2021-36222 | 2021-07-22 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference... |
| CVE-2020-36033 | 2021-07-22 | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. |
| CVE-2021-33032 | 2021-07-22 | A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version... |
| CVE-2020-7387 | 2021-07-22 | Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2020-7388 | 2021-07-22 | Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing |
| CVE-2020-7389 | 2021-07-22 | Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment |
| CVE-2020-7390 | 2021-07-22 | Sage X3 Syracuse Persistent XSS in Edit User page |
| CVE-2021-31579 | 2021-07-22 | Akkadian Provisioning Manager Engine (PME) Hard-Coded Credentials |
| CVE-2021-31580 | 2021-07-22 | Akkadian Provisioning Manager Engine (PME) Shell Escape via 'exec' command |
| CVE-2021-31581 | 2021-07-22 | Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface |
| CVE-2021-3198 | 2021-07-22 | Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection |
| CVE-2021-3540 | 2021-07-22 | Ivanti MobileIron Core clish Restricted Shell Escape via Argument Injection |
| CVE-2021-26223 | 2021-07-22 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. |
| CVE-2021-26224 | 2021-07-22 | Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. |
| CVE-2021-27332 | 2021-07-22 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. |
| CVE-2021-25210 | 2021-07-22 | Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. |
| CVE-2021-25212 | 2021-07-22 | SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. |
| CVE-2021-25209 | 2021-07-22 | SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php. |
| CVE-2021-25213 | 2021-07-22 | SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. |
| CVE-2021-25211 | 2021-07-22 | Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. |
| CVE-2021-25205 | 2021-07-22 | SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php. |
| CVE-2020-22284 | 2021-07-22 | A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet. |
| CVE-2021-34259 | 2021-07-22 | A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. |
| CVE-2021-34260 | 2021-07-22 | A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. |
| CVE-2021-34261 | 2021-07-22 | An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. |
| CVE-2021-34262 | 2021-07-22 | A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. |
| CVE-2021-34267 | 2021-07-22 | An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. |
| CVE-2021-34268 | 2021-07-22 | An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. |
| CVE-2021-3169 | 2021-07-23 | An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to... |
| CVE-2021-32686 | 2021-07-23 | Denial of Service in PJSIP |
| CVE-2021-24036 | 2021-07-23 | Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.... |
| CVE-2020-14032 | 2021-07-23 | ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. |
| CVE-2021-26799 | 2021-07-23 | Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2021-20333 | 2021-07-23 | Server log entry spoofing via newline injection |
| CVE-2021-25207 | 2021-07-23 | Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. |
| CVE-2021-25208 | 2021-07-23 | Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. |
| CVE-2021-25206 | 2021-07-23 | Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. |
| CVE-2021-25203 | 2021-07-23 | Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. |
| CVE-2021-25204 | 2021-07-23 | Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php. |
| CVE-2021-25201 | 2021-07-23 | SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. |
| CVE-2021-3159 | 2021-07-23 | A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or... |
| CVE-2021-23412 | 2021-07-23 | Command Injection |
| CVE-2021-25790 | 2021-07-23 | Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted... |
| CVE-2021-25791 | 2021-07-23 | Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted... |
| CVE-2020-20741 | 2021-07-23 | Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does... |
| CVE-2021-25808 | 2021-07-23 | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2021-25809 | 2021-07-23 | UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. |
| CVE-2021-32783 | 2021-07-23 | Authorization bypass in Contour |
| CVE-2021-37436 | 2021-07-24 | Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware... |
| CVE-2021-23413 | 2021-07-25 | Denial of Service (DoS) |
| CVE-2021-3663 | 2021-07-25 | Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii |
| CVE-2021-37470 | 2021-07-25 | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. |
| CVE-2021-37469 | 2021-07-25 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. |
| CVE-2021-37468 | 2021-07-25 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. |
| CVE-2021-37467 | 2021-07-25 | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). |
| CVE-2021-37466 | 2021-07-25 | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). |
| CVE-2021-37465 | 2021-07-25 | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). |
| CVE-2021-37464 | 2021-07-25 | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). |
| CVE-2021-37463 | 2021-07-25 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). |
| CVE-2021-37462 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). |
| CVE-2021-37461 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). |
| CVE-2021-37460 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). |
| CVE-2021-37459 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). |
| CVE-2021-37458 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). |
| CVE-2021-37457 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). |
| CVE-2021-37456 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). |
| CVE-2021-37455 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). |
| CVE-2021-37454 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). |
| CVE-2021-37453 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). |
| CVE-2021-37452 | 2021-07-25 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. |
| CVE-2021-37451 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). |
| CVE-2021-37450 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). |
| CVE-2021-37449 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). |
| CVE-2021-37448 | 2021-07-25 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). |
| CVE-2021-37447 | 2021-07-25 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. |
| CVE-2021-37446 | 2021-07-25 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. |
| CVE-2021-37445 | 2021-07-25 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. |
| CVE-2021-37444 | 2021-07-25 | NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname... |
| CVE-2021-37443 | 2021-07-25 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. |
| CVE-2021-37442 | 2021-07-25 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. |
| CVE-2021-37441 | 2021-07-25 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. |
| CVE-2021-37440 | 2021-07-25 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. |