CVE List - 2021 / August
Showing 401 - 500 of 2087 CVEs for August 2021 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-35325 | 2021-08-05 | A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). |
| CVE-2021-26586 | 2021-08-05 | A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive... |
| CVE-2021-22517 | 2021-08-05 | A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A... |
| CVE-2021-28216 | 2021-08-05 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. |
| CVE-2021-20592 | 2021-08-05 | Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through... |
| CVE-2021-3642 | 2021-08-05 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The... |
| CVE-2021-3655 | 2021-08-05 | A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. |
| CVE-2020-22392 | 2021-08-05 | Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. |
| CVE-2021-20594 | 2021-08-06 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series... |
| CVE-2021-20597 | 2021-08-06 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU... |
| CVE-2021-38155 | 2021-08-06 | OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing... |
| CVE-2021-32597 | 2021-08-06 | Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker... |
| CVE-2021-32587 | 2021-08-06 | An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated... |
| CVE-2021-37388 | 2021-08-06 | A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. |
| CVE-2021-38149 | 2021-08-06 | index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS. |
| CVE-2021-38151 | 2021-08-06 | index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS. |
| CVE-2021-38152 | 2021-08-06 | index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS. |
| CVE-2021-37381 | 2021-08-06 | Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through... |
| CVE-2021-22295 | 2021-08-06 | A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. |
| CVE-2021-36351 | 2021-08-06 | SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php. |
| CVE-2021-36705 | 2021-08-06 | In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of... |
| CVE-2021-36706 | 2021-08-06 | In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of... |
| CVE-2021-36209 | 2021-08-06 | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. |
| CVE-2021-36707 | 2021-08-06 | In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of... |
| CVE-2021-36708 | 2021-08-06 | In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. |
| CVE-2021-37540 | 2021-08-06 | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. |
| CVE-2021-37541 | 2021-08-06 | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
| CVE-2021-37543 | 2021-08-06 | In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| CVE-2021-37542 | 2021-08-06 | In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| CVE-2021-37544 | 2021-08-06 | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| CVE-2021-37545 | 2021-08-06 | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| CVE-2021-37546 | 2021-08-06 | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| CVE-2021-37547 | 2021-08-06 | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| CVE-2021-37548 | 2021-08-06 | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| CVE-2021-37549 | 2021-08-06 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| CVE-2020-22330 | 2021-08-06 | Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. |
| CVE-2021-37550 | 2021-08-06 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| CVE-2021-37552 | 2021-08-06 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| CVE-2021-37551 | 2021-08-06 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| CVE-2021-37553 | 2021-08-06 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| CVE-2021-37554 | 2021-08-06 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
| CVE-2021-38137 | 2021-08-06 | Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. |
| CVE-2021-38136 | 2021-08-06 | Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file... |
| CVE-2021-26606 | 2021-08-06 | DreamSecurity MagicLine Buffer Overflow Vulnerability |
| CVE-2021-26998 | 2021-08-06 | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers... |
| CVE-2021-26999 | 2021-08-06 | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should... |
| CVE-2021-36454 | 2021-08-06 | Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8)... |
| CVE-2021-36455 | 2021-08-06 | SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. |
| CVE-2021-20598 | 2021-08-06 | Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user... |
| CVE-2021-36795 | 2021-08-06 | A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met,... |
| CVE-2020-18693 | 2021-08-06 | Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. |
| CVE-2020-18694 | 2021-08-06 | Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". |
| CVE-2021-35312 | 2021-08-06 | A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a... |
| CVE-2021-38157 | 2021-08-06 | LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2020-21353 | 2021-08-06 | A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. |
| CVE-2020-21356 | 2021-08-06 | An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. |
| CVE-2020-21357 | 2021-08-06 | A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field. |
| CVE-2020-21358 | 2021-08-06 | A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. |
| CVE-2020-28087 | 2021-08-06 | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. |
| CVE-2020-28088 | 2021-08-06 | An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. |
| CVE-2021-29922 | 2021-08-07 | library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control... |
| CVE-2021-38185 | 2021-08-07 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it... |
| CVE-2021-38148 | 2021-08-07 | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. |
| CVE-2021-38160 | 2021-08-07 | In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the... |
| CVE-2021-38159 | 2021-08-07 | In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database.... |
| CVE-2021-29923 | 2021-08-07 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is... |
| CVE-2021-38165 | 2021-08-07 | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. |
| CVE-2021-38166 | 2021-08-07 | In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical... |
| CVE-2021-38167 | 2021-08-07 | Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication. |
| CVE-2021-38169 | 2021-08-07 | Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. |
| CVE-2021-38168 | 2021-08-07 | Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers. |
| CVE-2021-38173 | 2021-08-07 | Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. |
| CVE-2021-36221 | 2021-08-08 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. |
| CVE-2021-38196 | 2021-08-08 | An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose. |
| CVE-2021-38195 | 2021-08-08 | An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than... |
| CVE-2021-38194 | 2021-08-08 | An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that... |
| CVE-2021-38193 | 2021-08-08 | An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to... |
| CVE-2021-38192 | 2021-08-08 | An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime. |
| CVE-2021-38191 | 2021-08-08 | An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. |
| CVE-2021-38190 | 2021-08-08 | An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to... |
| CVE-2021-38189 | 2021-08-08 | An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then... |
| CVE-2021-38188 | 2021-08-08 | An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely. |
| CVE-2021-38187 | 2021-08-08 | An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64. |
| CVE-2021-38186 | 2021-08-08 | An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. |
| CVE-2020-36472 | 2021-08-08 | An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. |
| CVE-2020-36471 | 2021-08-08 | An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. |
| CVE-2020-36470 | 2021-08-08 | An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not properly limit the number of mutable references. |
| CVE-2020-36469 | 2021-08-08 | An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. |
| CVE-2020-36468 | 2021-08-08 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. |
| CVE-2020-36467 | 2021-08-08 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. |
| CVE-2020-36466 | 2021-08-08 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. |
| CVE-2020-36465 | 2021-08-08 | An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. |
| CVE-2020-36464 | 2021-08-08 | An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed. |
| CVE-2020-36463 | 2021-08-08 | An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. |
| CVE-2020-36462 | 2021-08-08 | An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. |
| CVE-2020-36461 | 2021-08-08 | An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock. |
| CVE-2020-36460 | 2021-08-08 | An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner... |
| CVE-2020-36459 | 2021-08-08 | An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore. |
| CVE-2020-36458 | 2021-08-08 | An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send. |
| CVE-2020-36457 | 2021-08-08 | An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T. |