Lista CVE - 2021 / Luglio
Visualizzazione 401 - 500 di 1581 CVE per Luglio 2021 (Pagina 5 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-35037 | 2021-07-12 | Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be... |
| CVE-2021-35064 | 2021-07-12 | KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. |
| CVE-2021-30129 | 2021-07-12 | DoS/OOM leak vulnerability in Apache Mina SSHD Server |
| CVE-2021-36377 | 2021-07-12 | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. |
| CVE-2021-32678 | 2021-07-12 | Ratelimit not applied on OCS API responses |
| CVE-2020-21131 | 2021-07-12 | SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. |
| CVE-2020-21132 | 2021-07-12 | SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. |
| CVE-2020-21133 | 2021-07-12 | SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. |
| CVE-2021-26089 | 2021-07-12 | An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. |
| CVE-2021-32679 | 2021-07-12 | Filenames not escaped by default in controllers using DownloadResponse |
| CVE-2021-26090 | 2021-07-12 | A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust... |
| CVE-2021-36382 | 2021-07-12 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). |
| CVE-2021-36383 | 2021-07-12 | Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to... |
| CVE-2021-26088 | 2021-07-12 | An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically... |
| CVE-2021-32680 | 2021-07-12 | Audit log is not properly logging unsetting of share expiration date |
| CVE-2021-24015 | 2021-07-12 | An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via... |
| CVE-2021-24013 | 2021-07-12 | Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. |
| CVE-2020-7872 | 2021-07-12 | DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary... |
| CVE-2021-32688 | 2021-07-12 | Application specific tokens can change their own scope |
| CVE-2020-18979 | 2021-07-12 | Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. |
| CVE-2021-33807 | 2021-07-12 | Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. |
| CVE-2021-30639 | 2021-07-12 | DoS after non-blocking IO error |
| CVE-2021-30640 | 2021-07-12 | Auth weakness in JNDIRealm |
| CVE-2021-33037 | 2021-07-12 | Incorrect Transfer-Encoding handling with HTTP/1.0 |
| CVE-2020-18980 | 2021-07-12 | Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. |
| CVE-2021-23390 | 2021-07-12 | Arbitrary Code Execution |
| CVE-2021-23389 | 2021-07-12 | Arbitrary Code Execution |
| CVE-2020-19204 | 2021-07-12 | An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box... |
| CVE-2021-32703 | 2021-07-12 | Lack of ratelimit on shareinfo endpoint |
| CVE-2021-32705 | 2021-07-12 | Lack of ratelimit on public DAV endpoint |
| CVE-2020-19203 | 2021-07-12 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description)... |
| CVE-2021-21588 | 2021-07-12 | Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions... |
| CVE-2021-21589 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. |
| CVE-2021-21590 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to... |
| CVE-2021-21591 | 2021-07-12 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to... |
| CVE-2021-36381 | 2021-07-12 | In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. |
| CVE-2020-19201 | 2021-07-12 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output... |
| CVE-2020-4938 | 2021-07-12 | IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2021-20414 | 2021-07-12 | IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. |
| CVE-2021-29792 | 2021-07-12 | IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges... |
| CVE-2021-29794 | 2021-07-12 | IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM... |
| CVE-2021-29803 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29804 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29805 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29822 | 2021-07-12 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-18982 | 2021-07-12 | Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. |
| CVE-2020-23079 | 2021-07-12 | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. |
| CVE-2020-19037 | 2021-07-12 | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. |
| CVE-2020-19038 | 2021-07-12 | File Deletion vulnerability in Halo 0.4.3 via delBackup. |
| CVE-2021-32689 | 2021-07-12 | Nextcloud Talk not properly disassociating users from chats after account deletion |
| CVE-2021-32707 | 2021-07-12 | Bypass of image blocking in Nextcloud Mail |
| CVE-2020-19907 | 2021-07-12 | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. |
| CVE-2021-24365 | 2021-07-12 | Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field |
| CVE-2021-24385 | 2021-07-12 | Filebird 4.7.3 - Unauthenticated SQL Injection |
| CVE-2021-24408 | 2021-07-12 | Prismatic < 2.8 - Contributor+ Stored XSS |
| CVE-2021-24409 | 2021-07-12 | Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24418 | 2021-07-12 | Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning |
| CVE-2021-24419 | 2021-07-12 | WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS |
| CVE-2021-24420 | 2021-07-12 | Request a Quote < 2.3.4 - Authenticated Stored XSS |
| CVE-2021-24421 | 2021-07-12 | WP JobSearch < 1.7.4 - Authenticated Stored XSS |
| CVE-2021-24424 | 2021-07-12 | WP Reset < 1.90 - Authenticated Stored XSS |
| CVE-2021-24426 | 2021-07-12 | Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24427 | 2021-07-12 | W3 Total Cache < 2.1.3 - Authenticated Stored XSS |
| CVE-2021-24429 | 2021-07-12 | Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24434 | 2021-07-12 | Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24439 | 2021-07-12 | Browser Screenshots < 1.7.6 - Contributor+ Stored XSS |
| CVE-2021-24440 | 2021-07-12 | Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24441 | 2021-07-12 | Sign-up Sheets < 1.0.14 - Authenticated CSV Injection |
| CVE-2021-24442 | 2021-07-12 | Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection |
| CVE-2021-24454 | 2021-07-12 | YOP Poll < 6.2.8 - Stored Cross-Site Scripting |
| CVE-2021-32725 | 2021-07-12 | Default share permissions not respected for federated reshares |
| CVE-2020-18544 | 2021-07-12 | SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". |
| CVE-2021-32726 | 2021-07-12 | Webauthn tokens not removed after user has been deleted |
| CVE-2021-32727 | 2021-07-12 | End-to-end encryption device setup did not verify public key |
| CVE-2021-32733 | 2021-07-12 | XSS in Nextcloud Text application |
| CVE-2021-32734 | 2021-07-12 | File path disclosure of shared files in Nextcloud Text application |
| CVE-2021-32741 | 2021-07-12 | Lack of ratelimit on public share link mount endpoint |
| CVE-2021-32746 | 2021-07-12 | Possible path traversal by use of the `doc` module |
| CVE-2021-32747 | 2021-07-12 | Custom variable protection and blacklists can be circumvented |
| CVE-2021-32754 | 2021-07-12 | Improper Restriction of XML External Entity Reference in de.tud.sse |
| CVE-2020-19716 | 2021-07-13 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). |
| CVE-2021-1940 | 2021-07-13 | Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,... |
| CVE-2021-31810 | 2021-07-13 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back... |
| CVE-2021-34552 | 2021-07-13 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. |
| CVE-2020-11307 | 2021-07-13 | Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2021-1886 | 2021-07-13 | Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon... |
| CVE-2021-1887 | 2021-07-13 | An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking |
| CVE-2021-1888 | 2021-07-13 | Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-1889 | 2021-07-13 | Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &... |
| CVE-2021-1890 | 2021-07-13 | Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... |
| CVE-2021-1896 | 2021-07-13 | Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity |
| CVE-2021-1897 | 2021-07-13 | Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-1898 | 2021-07-13 | Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-1899 | 2021-07-13 | Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2021-1901 | 2021-07-13 | Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-1907 | 2021-07-13 | Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1931 | 2021-07-13 | Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-1938 | 2021-07-13 | Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-1943 | 2021-07-13 | Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2021-1945 | 2021-07-13 | Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |