CVE List - 2021 / August
Showing 1001 - 1100 of 2087 CVEs for August 2021 (Page 11 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27741 | 2021-08-13 | Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection |
| CVE-2021-3635 | 2021-08-13 | A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter... |
| CVE-2021-38583 | 2021-08-13 | openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view= and data=). |
| CVE-2021-38621 | 2021-08-13 | The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. |
| CVE-2021-38619 | 2021-08-13 | openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and... |
| CVE-2021-37693 | 2021-08-13 | Re-use of email tokens in Discourse |
| CVE-2021-37703 | 2021-08-13 | Information exposure in Discourse |
| CVE-2021-27401 | 2021-08-13 | The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient... |
| CVE-2021-27402 | 2021-08-13 | The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper... |
| CVE-2021-32067 | 2021-08-13 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. |
| CVE-2021-32068 | 2021-08-13 | The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient... |
| CVE-2021-32070 | 2021-08-13 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow... |
| CVE-2021-32071 | 2021-08-13 | The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker... |
| CVE-2021-32072 | 2021-08-13 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful... |
| CVE-2021-3352 | 2021-08-13 | The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without... |
| CVE-2021-37586 | 2021-08-13 | The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to... |
| CVE-2021-32069 | 2021-08-13 | The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to... |
| CVE-2021-1104 | 2021-08-13 | The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of... |
| CVE-2021-34398 | 2021-08-13 | NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as... |
| CVE-2021-38554 | 2021-08-13 | HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. |
| CVE-2021-38553 | 2021-08-13 | HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise... |
| CVE-2021-29880 | 2021-08-13 | IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect... |
| CVE-2021-37028 | 2021-08-13 | There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands. |
| CVE-2021-36380 | 2021-08-13 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. |
| CVE-2021-36789 | 2021-08-13 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. |
| CVE-2021-36790 | 2021-08-13 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. |
| CVE-2021-36791 | 2021-08-13 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. |
| CVE-2021-36792 | 2021-08-13 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. |
| CVE-2020-18753 | 2021-08-13 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. |
| CVE-2020-18754 | 2021-08-13 | An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. |
| CVE-2020-18756 | 2021-08-13 | An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area. |
| CVE-2020-18757 | 2021-08-13 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet. |
| CVE-2020-18758 | 2021-08-13 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. |
| CVE-2020-18759 | 2021-08-13 | An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100. |
| CVE-2021-36788 | 2021-08-13 | The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. |
| CVE-2021-36785 | 2021-08-13 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. |
| CVE-2021-36786 | 2021-08-13 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. |
| CVE-2021-36787 | 2021-08-13 | The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. |
| CVE-2021-36793 | 2021-08-13 | The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. |
| CVE-2021-38623 | 2021-08-13 | The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. |
| CVE-2021-34823 | 2021-08-13 | The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the... |
| CVE-2021-38302 | 2021-08-13 | The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. |
| CVE-2021-21830 | 2021-08-13 | A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker... |
| CVE-2021-21829 | 2021-08-13 | A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker... |
| CVE-2021-37705 | 2021-08-13 | Improper Authorization and Origin Validation Error in OneFuzz |
| CVE-2020-21066 | 2021-08-13 | An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac. |
| CVE-2021-21812 | 2021-08-13 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who... |
| CVE-2021-21814 | 2021-08-13 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the... |
| CVE-2021-21813 | 2021-08-13 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path... |
| CVE-2021-21815 | 2021-08-13 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who... |
| CVE-2020-36473 | 2021-08-14 | UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. |
| CVE-2021-37326 | 2021-08-15 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. |
| CVE-2021-38699 | 2021-08-15 | TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs. |
| CVE-2021-25955 | 2021-08-15 | Stored XSS in “Dolibarr” leads to privilege escalation |
| CVE-2021-22931 | 2021-08-16 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js... |
| CVE-2021-22939 | 2021-08-16 | If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would... |
| CVE-2021-22940 | 2021-08-16 | Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. |
| CVE-2021-33193 | 2021-08-16 | Request splitting via HTTP/2 method injection and mod_proxy |
| CVE-2021-26086 | 2021-08-16 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before... |
| CVE-2021-38709 | 2021-08-16 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. |
| CVE-2021-38708 | 2021-08-16 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. |
| CVE-2021-38711 | 2021-08-16 | In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. |
| CVE-2021-38713 | 2021-08-16 | imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. |
| CVE-2021-38712 | 2021-08-16 | OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. |
| CVE-2021-3707 | 2021-08-16 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any... |
| CVE-2021-3708 | 2021-08-16 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any... |
| CVE-2021-35936 | 2021-08-16 | No Authentication on Logging Server |
| CVE-2021-23423 | 2021-08-16 | Directory Traversal |
| CVE-2021-23422 | 2021-08-16 | Arbitrary Code Injection |
| CVE-2021-24362 | 2021-08-16 | Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG |
| CVE-2021-24363 | 2021-08-16 | Photo Gallery < 1.5.75 - File Upload Path Traversal |
| CVE-2021-24380 | 2021-08-16 | Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF |
| CVE-2021-24410 | 2021-08-16 | Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24411 | 2021-08-16 | Social Tape <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24445 | 2021-08-16 | My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24466 | 2021-08-16 | Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS |
| CVE-2021-24471 | 2021-08-16 | YouTube Embed < 5.2.2 - Contributor+ Stored XSS |
| CVE-2021-24512 | 2021-08-16 | Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS |
| CVE-2021-24518 | 2021-08-16 | WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS |
| CVE-2021-24519 | 2021-08-16 | Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24526 | 2021-08-16 | Form Maker < 1.13.60 - Authenticated Stored XSS |
| CVE-2021-24527 | 2021-08-16 | Profile Builder < 3.4.9 - Admin Access via Password Reset |
| CVE-2021-24534 | 2021-08-16 | PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS |
| CVE-2021-24535 | 2021-08-16 | Light Messages <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24536 | 2021-08-16 | Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS |
| CVE-2021-24538 | 2021-08-16 | Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24540 | 2021-08-16 | Wonder Video Embed < 1.8 - Contributor+ Stored XSS |
| CVE-2021-24541 | 2021-08-16 | Wonder PDF Embed < 1.7 - Contributor+ Stored XSS |
| CVE-2021-24548 | 2021-08-16 | Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-35395 | 2021-08-16 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this... |
| CVE-2021-35394 | 2021-08-16 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption... |
| CVE-2021-35393 | 2021-08-16 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and... |
| CVE-2021-35392 | 2021-08-16 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and... |
| CVE-2021-38607 | 2021-08-16 | Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. |
| CVE-2021-38751 | 2021-08-16 | An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a... |
| CVE-2021-38752 | 2021-08-16 | A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. |
| CVE-2021-38753 | 2021-08-16 | An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web... |
| CVE-2021-38754 | 2021-08-16 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. |
| CVE-2021-38755 | 2021-08-16 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |
| CVE-2021-38756 | 2021-08-16 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. |