CVE List - 2021 / August
Showing 1101 - 1200 of 2087 CVEs for August 2021 (Page 12 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38757 | 2021-08-16 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. |
| CVE-2021-38758 | 2021-08-16 | Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. |
| CVE-2020-18698 | 2021-08-16 | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. |
| CVE-2020-18699 | 2021-08-16 | Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter in the component 'app/api/cms/user.py'. |
| CVE-2020-18701 | 2021-08-16 | Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows... |
| CVE-2020-18702 | 2021-08-16 | Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. |
| CVE-2020-18703 | 2021-08-16 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. |
| CVE-2020-18704 | 2021-08-16 | Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. |
| CVE-2020-18705 | 2021-08-16 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. |
| CVE-2021-34643 | 2021-08-16 | Skaut bazar <= 1.3.2 Reflected Cross-Site Scripting |
| CVE-2021-34644 | 2021-08-16 | Multiplayer Games <= 3.7 Reflected Cross-Site Scripting |
| CVE-2021-34642 | 2021-08-16 | Smart Email Alerts <= 1.0.10 Reflected Cross-Site Scripting |
| CVE-2021-34652 | 2021-08-16 | Media Usage <= 0.0.4 Reflected Cross-Site Scripting |
| CVE-2021-34649 | 2021-08-16 | Simple Behance Portfolio <= 0.2 Reflected Cross-Site Scripting |
| CVE-2021-34653 | 2021-08-16 | WP Fountain <= 1.5.9 Reflected Cross-Site Scripting |
| CVE-2021-34654 | 2021-08-16 | Custom Post Type Relations <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-34651 | 2021-08-16 | Scribble Maps <= 1.2 Reflected Cross-Site Scripting |
| CVE-2021-34656 | 2021-08-16 | 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat <= 5.2.7 Reflected Cross-Site Scripting |
| CVE-2021-34657 | 2021-08-16 | TypoFR <= 0.11 Reflected Cross-Site Scripting |
| CVE-2021-34655 | 2021-08-16 | WP Songbook <= 2.0.11 Reflected Cross-Site Scripting |
| CVE-2021-34658 | 2021-08-16 | Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting |
| CVE-2021-34663 | 2021-08-16 | jQuery Tagline Rotator <= 0.1.5 Reflected Cross-Site Scripting |
| CVE-2021-34659 | 2021-08-16 | Plugmatter Pricing Table Lite <= 1.0.32 Reflected Cross-Site Scripting |
| CVE-2021-34664 | 2021-08-16 | Moova for WooCommerce <= 3.5 Reflected Cross-Site Scripting |
| CVE-2021-34665 | 2021-08-16 | WP SEO Tags <= 2.2.7 Reflected Cross-Site Scripting |
| CVE-2021-34666 | 2021-08-16 | Add Sidebar <= 2.0.0 Reflected Cross-Site Scripting |
| CVE-2021-34667 | 2021-08-16 | Calendar_plugin <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-0114 | 2021-08-16 | Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
| CVE-2021-22933 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. |
| CVE-2021-22938 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. |
| CVE-2021-22934 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a... |
| CVE-2021-22935 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. |
| CVE-2021-22932 | 2021-08-16 | An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously... |
| CVE-2021-22936 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. |
| CVE-2021-22937 | 2021-08-16 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. |
| CVE-2021-32822 | 2021-08-16 | File disclosure in hbs |
| CVE-2021-34641 | 2021-08-16 | SEOPress <= 5.0.0 – 5.0.3 Authenticated Stored Cross-Site Scripting |
| CVE-2021-38315 | 2021-08-16 | SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting |
| CVE-2021-37707 | 2021-08-16 | Manipulation of product reviews via API |
| CVE-2021-32825 | 2021-08-16 | ZipSlip vulnerability in bblfshd |
| CVE-2021-38608 | 2021-08-16 | Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. |
| CVE-2021-21859 | 2021-08-16 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the... |
| CVE-2021-21860 | 2021-08-16 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory... |
| CVE-2021-21861 | 2021-08-16 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4... |
| CVE-2021-37708 | 2021-08-16 | Command injection in mail agent settings |
| CVE-2021-32827 | 2021-08-16 | Arbitrary code execution in MockServer |
| CVE-2021-32826 | 2021-08-16 | Remote code execution in Proxyee-Down |
| CVE-2021-21568 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles... |
| CVE-2021-21592 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. |
| CVE-2021-21594 | 2021-08-16 | Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends... |
| CVE-2021-21595 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges.... |
| CVE-2021-21599 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance... |
| CVE-2021-36278 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit... |
| CVE-2021-36279 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information... |
| CVE-2021-36280 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information... |
| CVE-2021-36281 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. |
| CVE-2021-36282 | 2021-08-16 | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access... |
| CVE-2021-37709 | 2021-08-16 | Insecure direct object reference of log files of the Import/Export feature |
| CVE-2021-37710 | 2021-08-16 | Cross-Site Scripting via SVG media files |
| CVE-2021-37711 | 2021-08-16 | Authenticated server-side request forgery in file upload via URL. |
| CVE-2020-4706 | 2021-08-17 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a... |
| CVE-2020-4992 | 2021-08-17 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2021-25957 | 2021-08-17 | Account Takeover in "Dolibarr" via Password Reset Functionality |
| CVE-2021-25956 | 2021-08-17 | Improper User Access Control in "Dolibarr" Leads to Account Takeover |
| CVE-2020-28846 | 2021-08-17 | Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. |
| CVE-2021-32829 | 2021-08-17 | Post-authentication Remote Code Execution (RCE) in ZStack REST API |
| CVE-2021-3458 | 2021-08-17 | The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. |
| CVE-2021-3459 | 2021-08-17 | A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter. |
| CVE-2021-3615 | 2021-08-17 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is... |
| CVE-2021-3616 | 2021-08-17 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability... |
| CVE-2021-3617 | 2021-08-17 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as... |
| CVE-2021-3633 | 2021-08-17 | A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. |
| CVE-2020-15955 | 2021-08-17 | In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials... |
| CVE-2020-29548 | 2021-08-17 | An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. |
| CVE-2021-29056 | 2021-08-17 | Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. |
| CVE-2021-32830 | 2021-08-17 | The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of... |
| CVE-2021-29313 | 2021-08-17 | Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php. |
| CVE-2021-0646 | 2021-08-17 | In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also... |
| CVE-2021-0645 | 2021-08-17 | In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which... |
| CVE-2021-0519 | 2021-08-17 | In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-0584 | 2021-08-17 | In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-0593 | 2021-08-17 | In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User... |
| CVE-2021-0591 | 2021-08-17 | In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution... |
| CVE-2021-0642 | 2021-08-17 | In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2021-0641 | 2021-08-17 | In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-0582 | 2021-08-17 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no... |
| CVE-2021-0578 | 2021-08-17 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no... |
| CVE-2021-0573 | 2021-08-17 | In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0579 | 2021-08-17 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no... |
| CVE-2021-0580 | 2021-08-17 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no... |
| CVE-2021-0581 | 2021-08-17 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no... |
| CVE-2021-0574 | 2021-08-17 | In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0576 | 2021-08-17 | In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0640 | 2021-08-17 | In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0639 | 2021-08-17 | In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure... |
| CVE-2021-39242 | 2021-08-17 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a... |
| CVE-2021-39241 | 2021-08-17 | An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the... |
| CVE-2021-39240 | 2021-08-17 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have... |
| CVE-2021-25263 | 2021-08-17 | Local privilege escalation vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitrary code with SYSTEM privileges through manipulating files in directory... |
| CVE-2021-22156 | 2021-08-17 | An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for... |
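Two entries above (CVE-2020-15955 in s/qmail and CVE-2020-29548 in SmarterMail) describe the same STARTTLS bug class: a meddler-in-the-middle appends commands to the client's `STLS`, and the server keeps those cleartext bytes in its read buffer and executes them inside the TLS session. The following simulation is an added example written for this page, not code from either product or from either advisory. The mini POP3 command loop, the byte streams and the "handshake" (a flag flip) are all constructed stand-ins; the point it shows is where the leftover bytes come from and what the strict check must do.

```python
from dataclasses import dataclass, field


@dataclass
class Session:
    """Per-connection state of a toy POP3 server (constructed for illustration)."""
    encrypted: bool = False                   # True once the simulated handshake is done
    buffer: bytes = b""                       # bytes read from the socket, not yet parsed
    log: list = field(default_factory=list)   # (command, seen_as_encrypted) pairs


def next_line(sess):
    """Pop one CRLF-terminated command from the read buffer, or None if incomplete."""
    i = sess.buffer.find(b"\r\n")
    if i < 0:
        return None
    line, sess.buffer = sess.buffer[:i], sess.buffer[i + 2:]
    return line.decode("ascii", "replace")


def handle(sess, line, strict):
    """Dispatch one command. Returns False when the connection should close."""
    cmd = line.split(" ", 1)[0].upper()
    if cmd == "STLS" and not sess.encrypted:
        if strict and sess.buffer:
            # Anything already buffered was received before the handshake,
            # i.e. in the clear. A correct server must not carry it over into
            # the TLS session (RFC 2595 forbids pipelining data after STLS).
            sess.log.append(("STLS-REJECTED", False))
            sess.buffer = b""
            return False
        sess.encrypted = True                 # stand-in for the TLS handshake
        sess.log.append(("STLS", False))
        return True
    sess.log.append((cmd, sess.encrypted))
    return cmd != "QUIT"


def run_server(clear_bytes, tls_bytes, strict):
    """Feed clear_bytes as if read from the socket; after STLS succeeds, feed
    tls_bytes as if the TLS layer had decrypted them. Returns the command log."""
    sess = Session()
    sess.buffer += clear_bytes
    while (line := next_line(sess)) is not None:
        was_encrypted = sess.encrypted
        if not handle(sess, line, strict):
            break
        if sess.encrypted and not was_encrypted:
            # The vulnerable server keeps whatever was left in sess.buffer
            # and simply appends the decrypted bytes behind it.
            sess.buffer += tls_bytes
    return sess.log


# Constructed traffic: the client sends CAPA and STLS, the attacker appends a
# command before forwarding, and the client sends its credentials only after
# the handshake.
CLIENT_CLEAR = b"CAPA\r\nSTLS\r\n"
INJECTED = b"RETR 1\r\n"
CLIENT_TLS = b"USER alice\r\nPASS s3cret\r\n"

if __name__ == "__main__":
    print("vulnerable:", run_server(CLIENT_CLEAR + INJECTED, CLIENT_TLS, strict=False))
    print("strict:    ", run_server(CLIENT_CLEAR + INJECTED, CLIENT_TLS, strict=True))
```

In the vulnerable run the injected `RETR` is logged with `seen_as_encrypted=True`, which is exactly the confusion the two advisories describe: the server attributes a cleartext command to the authenticated, encrypted session. The strict variant only needs one check, that the read buffer is empty at the moment `STLS` is accepted; a real implementation should also re-create its I/O buffers from the TLS object rather than reuse the plaintext ones.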
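The bblfshd entry above (CVE-2021-32825) is titled only "ZipSlip vulnerability"; the class it names is an archive extractor that joins an entry name such as `../../../etc/cron.d/x` onto the destination directory and writes wherever the result points. The snippet below is an added illustration written for this page, not bblfshd's code (bblfshd is a Go project; Python is used here to keep the demonstration short). The archive, the entry names and the destination path are constructed. It shows the paths a naive `os.path.join` extractor would write to, and a checked extractor that validates every entry against the real destination before writing anything.

```python
import io
import os
import tempfile
import zipfile


def build_zip(entries):
    """Build an in-memory zip from {name: content}. Constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# The traversal entry: three '..' climb out of /srv/app/uploads to '/'.
MALICIOUS = {
    "docs/readme.txt": "harmless",
    "../../../etc/cron.d/backdoor": "* * * * * root /tmp/x\n",
}
BENIGN = {"docs/readme.txt": "harmless"}


def naive_targets(zip_bytes, dest):
    """Where an extractor doing open(os.path.join(dest, name), 'wb') would write."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.normpath(os.path.join(dest, info.filename))
                for info in zf.infolist()]


def safe_target(dest, name):
    """Resolve an entry under dest; refuse anything that escapes it.
    realpath collapses '..', handles absolute names and follows symlinks
    that already exist on disk, so the comparison is on canonical paths."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"archive entry escapes destination: {name!r}")
    return target


def extract_safely(zip_bytes, dest):
    """Validate every entry first, then write. Returns the relative paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = [(info, safe_target(dest, info.filename)) for info in zf.infolist()]
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, os.path.realpath(dest)))
    return written


def demo():
    """Run both extractors against the constructed archives in a temp dir."""
    malicious = build_zip(MALICIOUS)
    with tempfile.TemporaryDirectory() as d:
        try:
            extract_safely(malicious, d)
            rejected = False
        except ValueError:
            rejected = True
        leftovers = os.listdir(d)          # empty: validation ran before any write
        written = extract_safely(build_zip(BENIGN), d)
    return {
        "naive": naive_targets(malicious, "/srv/app/uploads"),
        "rejected": rejected,
        "leftovers": leftovers,
        "written": written,
    }


if __name__ == "__main__":
    print(demo())
```

Validating all entries before the first write matters: rejecting only on the offending entry still leaves earlier entries on disk, which is enough for an attacker who orders the archive so a benign file lands first. The same check applies to tar, 7z and any other container format whose entry names are attacker-controlled.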