CVE List - 2021 / August
Showing 1501 - 1600 of 2087 CVEs for August 2021 (Page 16 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39154 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39139 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39151 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39153 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39141 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39145 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39146 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39147 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39148 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39149 | 2021-08-23 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-39140 | 2021-08-23 | XStream can cause a Denial of Service |
| CVE-2021-39152 | 2021-08-23 | A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling |
| CVE-2021-39150 | 2021-08-23 | A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling |
| CVE-2021-22328 | 2021-08-23 | There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful... |
| CVE-2021-22357 | 2021-08-23 | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific... |
| CVE-2021-22449 | 2021-08-23 | There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker... |
| CVE-2021-22253 | 2021-08-23 | Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the... |
| CVE-2021-22252 | 2021-08-23 | A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers |
| CVE-2021-22251 | 2021-08-23 | Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group... |
| CVE-2021-22248 | 2021-08-23 | Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines... |
| CVE-2021-22249 | 2021-08-23 | A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group |
| CVE-2020-18730 | 2021-08-23 | A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). |
| CVE-2020-18731 | 2021-08-23 | A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). |
| CVE-2020-18734 | 2021-08-23 | A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. |
| CVE-2020-18735 | 2021-08-23 | A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. |
| CVE-2021-39158 | 2021-08-23 | Dependency injection in NVCaffe |
| CVE-2021-39608 | 2021-08-23 | Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary php code. |
| CVE-2021-39609 | 2021-08-23 | Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. |
| CVE-2021-39613 | 2021-08-23 | D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered... |
| CVE-2021-39614 | 2021-08-23 | D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. |
| CVE-2021-39615 | 2021-08-23 | D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will... |
| CVE-2020-18775 | 2021-08-23 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. |
| CVE-2020-18776 | 2021-08-23 | In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. |
| CVE-2020-18778 | 2021-08-23 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. |
| CVE-2021-39599 | 2021-08-23 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. |
| CVE-2021-39602 | 2021-08-23 | A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. |
| CVE-2021-36013 | 2021-08-23 | Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-28596 | 2021-08-23 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-36690 | 2021-08-24 | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance... |
| CVE-2021-23406 | 2021-08-24 | Remote Code Execution (RCE) |
| CVE-2021-23431 | 2021-08-24 | Cross-site Request Forgery (CSRF) |
| CVE-2021-23430 | 2021-08-24 | Directory Traversal |
| CVE-2021-23429 | 2021-08-24 | Denial of Service (DoS) |
| CVE-2021-23432 | 2021-08-24 | Prototype Pollution |
| CVE-2021-38611 | 2021-08-24 | A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter... |
| CVE-2021-38612 | 2021-08-24 | In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. |
| CVE-2021-38613 | 2021-08-24 | The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. |
| CVE-2021-33191 | 2021-08-24 | MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol |
| CVE-2021-36385 | 2021-08-24 | A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field.... |
| CVE-2021-38557 | 2021-08-24 | raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the... |
| CVE-2021-38556 | 2021-08-24 | includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. |
| CVE-2021-38306 | 2021-08-24 | Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. |
| CVE-2021-39376 | 2021-08-24 | Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. |
| CVE-2021-39375 | 2021-08-24 | Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. |
| CVE-2021-37538 | 2021-08-24 | Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the... |
| CVE-2021-38714 | 2021-08-24 | In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. |
| CVE-2021-26040 | 2021-08-24 | [20210801] - Core - Insufficient access control for com_media deletion endpoint |
| CVE-2021-3711 | 2021-08-24 | SM2 Decryption Buffer Overflow |
| CVE-2021-3712 | 2021-08-24 | Read buffer overruns processing ASN.1 strings |
| CVE-2021-39137 | 2021-08-24 | Consensus flaw during block processing in go-ethereum |
| CVE-2021-32263 | 2021-08-24 | ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c. |
| CVE-2021-28554 | 2021-08-24 | Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution |
| CVE-2021-28632 | 2021-08-24 | ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-28552 | 2021-08-24 | Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-28551 | 2021-08-24 | Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-28631 | 2021-08-24 | Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-28626 | 2021-08-24 | Adobe Experience Manager Improper Authorization at /content/usergenerated |
| CVE-2021-28625 | 2021-08-24 | Adobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jsp |
| CVE-2021-28628 | 2021-08-24 | Adobe Experience Manager Cross-site Scripting vulnerability in inbox render.jsp |
| CVE-2021-28627 | 2021-08-24 | Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass |
| CVE-2021-28601 | 2021-08-24 | Adobe After Effects NULL Pointer Dereference vulnerability |
| CVE-2021-28604 | 2021-08-24 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28603 | 2021-08-24 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28602 | 2021-08-24 | Adobe After Effects Memory corruption could lead to code execution vulnerability |
| CVE-2021-28600 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28605 | 2021-08-24 | Adobe After Effects memory corruption could lead to arbitrary code execution |
| CVE-2021-28606 | 2021-08-24 | Adobe After Effects Stack Overflow vulnerability could lead to arbitrary code execution |
| CVE-2021-28607 | 2021-08-24 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28609 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28616 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability |
| CVE-2021-28611 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability |
| CVE-2021-28610 | 2021-08-24 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28608 | 2021-08-24 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28615 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28612 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability |
| CVE-2021-28614 | 2021-08-24 | Adobe After Effects Out-of-bounds Read vulnerability |
| CVE-2021-39157 | 2021-08-24 | Improper Handling of Exceptional Conditions in detect-character-encoding |
| CVE-2021-28618 | 2021-08-24 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28617 | 2021-08-24 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28621 | 2021-08-24 | Adobe Animate FLA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-28620 | 2021-08-24 | Adobe Animate heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28619 | 2021-08-24 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure |
| CVE-2021-28622 | 2021-08-24 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-28630 | 2021-08-24 | Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-28629 | 2021-08-24 | Adobe Animate heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28633 | 2021-08-24 | Adobe Creative Cloud Installer Arbitrary File Write |
| CVE-2021-28594 | 2021-08-24 | Creative Cloud Desktop installer Uncontrolled Search Path element could lead to arbitrary code execution |
| CVE-2021-30851 | 2021-08-24 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content... |
| CVE-2021-30852 | 2021-08-24 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing... |
| CVE-2021-30853 | 2021-08-24 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6. A malicious application may bypass Gatekeeper checks. |