CVE List - 2021 / July
Showing 1201 - 1300 of 1581 CVEs for July 2021 (Page 13 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34619 | 2021-07-21 | Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin |
| CVE-2021-22145 | 2021-07-21 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that... |
| CVE-2021-22146 | 2021-07-21 | All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is... |
| CVE-2021-25699 | 2021-07-21 | The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the... |
| CVE-2021-25698 | 2021-07-21 | The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the... |
| CVE-2021-25695 | 2021-07-21 | The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the... |
| CVE-2021-25701 | 2021-07-21 | The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker... |
| CVE-2020-23283 | 2021-07-21 | Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. |
| CVE-2020-23282 | 2021-07-21 | SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get... |
| CVE-2020-21932 | 2021-07-21 | A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. |
| CVE-2020-21933 | 2021-07-21 | An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. |
| CVE-2020-21934 | 2021-07-21 | An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. |
| CVE-2020-21935 | 2021-07-21 | A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. |
| CVE-2020-21936 | 2021-07-21 | An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. |
| CVE-2020-21937 | 2021-07-21 | A command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. |
| CVE-2020-20219 | 2021-07-21 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-20262 | 2021-07-21 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion... |
| CVE-2021-37155 | 2021-07-21 | wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. |
| CVE-2020-20221 | 2021-07-21 | Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading... |
| CVE-2020-19609 | 2021-07-21 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. |
| CVE-2021-23411 | 2021-07-21 | Cross-site Scripting (XSS) |
| CVE-2021-21406 | 2021-07-21 | Command Injection vulnerability in the Setup Wizard |
| CVE-2021-21407 | 2021-07-21 | Portal : the CSRF token isn't validated |
| CVE-2021-23408 | 2021-07-21 | Prototype Pollution |
| CVE-2021-32744 | 2021-07-21 | Unauthenticated attacker could gain access to currently open files |
| CVE-2020-22148 | 2021-07-21 | A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-22150 | 2021-07-21 | A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19463 | 2021-07-21 | An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. |
| CVE-2020-19464 | 2021-07-21 | An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. |
| CVE-2020-19465 | 2021-07-21 | An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4. |
| CVE-2020-19466 | 2021-07-21 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1. |
| CVE-2020-19467 | 2021-07-21 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Illegal Use After Free. |
| CVE-2020-19468 | 2021-07-21 | An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer dereference (invalid read of size... |
| CVE-2020-19469 | 2021-07-21 | An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 8. |
| CVE-2020-19470 | 2021-07-21 | An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a NULL pointer dereference (invalid read of size... |
| CVE-2020-19471 | 2021-07-21 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4. |
| CVE-2020-19472 | 2021-07-21 | An issue has been found in function DCTStream::readHuffSym in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 2. |
| CVE-2020-19473 | 2021-07-21 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an uncaught floating point exception. |
| CVE-2020-19474 | 2021-07-21 | An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a Use After Free. |
| CVE-2020-19475 | 2021-07-21 | An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2. |
| CVE-2020-19481 | 2021-07-21 | An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via... |
| CVE-2020-19488 | 2021-07-21 | An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read. |
| CVE-2020-19490 | 2021-07-21 | tinyexr 0.9.5 has an integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. |
| CVE-2020-19491 | 2021-07-21 | There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly... |
| CVE-2020-19492 | 2021-07-21 | There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified... |
| CVE-2020-19497 | 2021-07-21 | Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts. |
| CVE-2020-19498 | 2021-07-21 | Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts. |
| CVE-2020-19499 | 2021-07-21 | An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read. |
| CVE-2021-35482 | 2021-07-21 | An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local... |
| CVE-2021-32745 | 2021-07-21 | Reflected Cross-Site-Scripting vulnerability |
| CVE-2021-34816 | 2021-07-21 | An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. |
| CVE-2021-32756 | 2021-07-21 | Arbitrary eval through MiqExpression |
| CVE-2021-32775 | 2021-07-21 | Any user can see any fields (including mailbox password) with GroupBy Dashlet |
| CVE-2021-32776 | 2021-07-21 | No CSRF form token cleanup on Windows servers |
| CVE-2021-32761 | 2021-07-21 | Integer overflow issues with *BIT commands on 32-bit systems |
| CVE-2021-37220 | 2021-07-21 | MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen... |
| CVE-2020-22283 | 2021-07-22 | A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet. |
| CVE-2021-1090 | 2021-07-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer... |
| CVE-2021-1093 | 2021-07-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which... |
| CVE-2021-1094 | 2021-07-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to... |
| CVE-2021-1095 | 2021-07-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer... |
| CVE-2021-32785 | 2021-07-22 | Format string bug in the Redis cache implementation |
| CVE-2021-32786 | 2021-07-22 | Open Redirect in oidc_validate_redirect_url() |
| CVE-2021-35942 | 2021-07-22 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially... |
| CVE-2021-1089 | 2021-07-22 | NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data... |
| CVE-2021-1091 | 2021-07-22 | NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated... |
| CVE-2021-1092 | 2021-07-22 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged... |
| CVE-2021-1096 | 2021-07-22 | NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system... |
| CVE-2021-36934 | 2021-07-22 | Windows Elevation of Privilege Vulnerability |
| CVE-2021-28131 | 2021-07-22 | Impala logs contain secrets |
| CVE-2021-20596 | 2021-07-22 | NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker... |
| CVE-2021-22522 | 2021-07-22 | Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. |
| CVE-2021-22523 | 2021-07-22 | XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user... |
| CVE-2021-35520 | 2021-07-22 | A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and... |
| CVE-2021-35521 | 2021-07-22 | A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via... |
| CVE-2021-35522 | 2021-07-22 | A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote... |
| CVE-2021-30049 | 2021-07-22 | SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. |
| CVE-2021-30486 | 2021-07-22 | SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). |
| CVE-2021-30110 | 2021-07-22 | dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to... |
| CVE-2019-20467 | 2021-07-22 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or... |
| CVE-2021-22001 | 2021-07-22 | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider (IdP) of type “oauth 1.0”... |
| CVE-2021-29143 | 2021-07-22 | A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch... |
| CVE-2021-29148 | 2021-07-22 | A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series,... |
| CVE-2021-29149 | 2021-07-22 | A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series,... |
| CVE-2021-34431 | 2021-07-22 | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur,... |
| CVE-2021-34700 | 2021-07-22 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability |
| CVE-2021-1618 | 2021-07-22 | Cisco Intersight Virtual Appliance Vulnerabilities |
| CVE-2021-1617 | 2021-07-22 | Cisco Intersight Virtual Appliance Vulnerabilities |
| CVE-2021-1614 | 2021-07-22 | Cisco SD-WAN Software Information Disclosure Vulnerability |
| CVE-2021-1601 | 2021-07-22 | Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities |
| CVE-2021-1600 | 2021-07-22 | Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities |
| CVE-2021-1518 | 2021-07-22 | Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability |
| CVE-2021-1599 | 2021-07-22 | Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability |
| CVE-2021-26765 | 2021-07-22 | SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. |
| CVE-2021-26762 | 2021-07-22 | SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. |
| CVE-2021-26764 | 2021-07-22 | SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. |
| CVE-2021-26698 | 2021-07-22 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. |
| CVE-2021-26229 | 2021-07-22 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. |
| CVE-2021-37402 | 2021-07-22 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. |
| CVE-2021-37403 | 2021-07-22 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is... |