CVE List - 2021 / September
Showing 1701 - 1800 of 1899 CVEs for September 2021 (Page 18 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40714 | 2021-09-27 | Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter |
| CVE-2021-40712 | 2021-09-27 | Adobe Experience Manager Path parameter Improper Input Validation Could Lead To DOS |
| CVE-2021-36134 | 2021-09-27 | Out of bounds write in Netop Vision Pro |
| CVE-2021-40329 | 2021-09-27 | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. |
| CVE-2021-41753 | 2021-09-27 | A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed... |
| CVE-2021-37761 | 2021-09-27 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. |
| CVE-2021-23445 | 2021-09-27 | Cross-site Scripting (XSS) |
| CVE-2021-41558 | 2021-09-27 | The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. |
| CVE-2021-20034 | 2021-09-27 | An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory... |
| CVE-2021-20035 | 2021-09-27 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. |
| CVE-2021-41097 | 2021-09-27 | Prototype pollution in aurelia-path |
| CVE-2021-41096 | 2021-09-27 | Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky |
| CVE-2021-41095 | 2021-09-27 | XSS via blocked watched word in error message |
| CVE-2021-41098 | 2021-09-27 | Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby |
| CVE-2021-37270 | 2021-09-27 | There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to... |
| CVE-2020-24930 | 2021-09-27 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can... |
| CVE-2021-37274 | 2021-09-27 | Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. |
| CVE-2020-20691 | 2021-09-27 | An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. |
| CVE-2020-20692 | 2021-09-27 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. |
| CVE-2020-20695 | 2021-09-27 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. |
| CVE-2020-20696 | 2021-09-27 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. |
| CVE-2020-20693 | 2021-09-27 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. |
| CVE-2021-33600 | 2021-09-28 | Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper |
| CVE-2021-33601 | 2021-09-28 | Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper |
| CVE-2021-36165 | 2021-09-28 | RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. |
| CVE-2021-41533 | 2021-09-28 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds... |
| CVE-2021-41534 | 2021-09-28 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds... |
| CVE-2021-41535 | 2021-09-28 | A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application... |
| CVE-2021-41536 | 2021-09-28 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability... |
| CVE-2021-41537 | 2021-09-28 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability... |
| CVE-2021-41538 | 2021-09-28 | A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application... |
| CVE-2021-41539 | 2021-09-28 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability... |
| CVE-2021-41540 | 2021-09-28 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability... |
| CVE-2021-37146 | 2021-09-28 | An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via... |
| CVE-2021-34636 | 2021-09-28 | Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-22535 | 2021-09-28 | Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information... |
| CVE-2021-38124 | 2021-09-28 | Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. |
| CVE-2021-37104 | 2021-09-28 | There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could... |
| CVE-2021-37106 | 2021-09-28 | There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command... |
| CVE-2021-37105 | 2021-09-28 | There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the... |
| CVE-2021-41104 | 2021-09-28 | web_server allows OTA update without checking user defined basic auth username & password |
| CVE-2021-29358 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. |
| CVE-2021-29360 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29361 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29362 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29363 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29364 | 2021-09-28 | A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29366 | 2021-09-28 | A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
| CVE-2021-29365 | 2021-09-28 | Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). |
| CVE-2021-29367 | 2021-09-28 | A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. |
| CVE-2021-36363 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. |
| CVE-2021-36364 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. |
| CVE-2021-36365 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. |
| CVE-2021-36366 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. |
| CVE-2021-41318 | 2021-09-28 | In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's... |
| CVE-2021-37273 | 2021-09-28 | A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can... |
| CVE-2021-37271 | 2021-09-28 | Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. |
| CVE-2021-37267 | 2021-09-28 | Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. |
| CVE-2021-30086 | 2021-09-28 | Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. |
| CVE-2021-38303 | 2021-09-28 | A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. |
| CVE-2021-21522 | 2021-09-28 | Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the... |
| CVE-2021-21569 | 2021-09-28 | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to... |
| CVE-2021-21570 | 2021-09-28 | Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to... |
| CVE-2021-36283 | 2021-09-28 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-36284 | 2021-09-28 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to... |
| CVE-2021-36285 | 2021-09-28 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to... |
| CVE-2021-36286 | 2021-09-28 | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called... |
| CVE-2021-36297 | 2021-09-28 | SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action... |
| CVE-2021-41106 | 2021-09-28 | File reference keys leads to incorrect hashes on HMAC algorithms |
| CVE-2020-20120 | 2021-09-28 | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. |
| CVE-2020-20122 | 2021-09-28 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. |
| CVE-2020-20124 | 2021-09-28 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. |
| CVE-2020-20125 | 2021-09-28 | EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. |
| CVE-2021-22946 | 2021-09-29 | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command... |
| CVE-2021-22947 | 2021-09-29 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send... |
| CVE-2021-33923 | 2021-09-29 | Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). |
| CVE-2021-33924 | 2021-09-29 | Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. |
| CVE-2021-32466 | 2021-09-29 | An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom... |
| CVE-2021-36745 | 2021-09-29 | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could... |
| CVE-2021-35027 | 2021-09-29 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. |
| CVE-2021-35028 | 2021-09-29 | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. |
| CVE-2021-40651 | 2021-09-29 | OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application... |
| CVE-2021-25961 | 2021-09-29 | SuiteCRM - Account Takeover in Password Reset Functionality |
| CVE-2021-25959 | 2021-09-29 | OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality |
| CVE-2021-25962 | 2021-09-29 | Shuup - Formula Injection in Checkout Addresses |
| CVE-2021-25960 | 2021-09-29 | SuiteCRM - CSV Injection in Accounts Module |
| CVE-2021-35982 | 2021-09-29 | Adobe Reader DC Windows Installer Uncontrolled Search Path element could lead to Arbitrary Code Execution |
| CVE-2021-39821 | 2021-09-29 | Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-39831 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-39833 | 2021-09-29 | Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-39830 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-39834 | 2021-09-29 | Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-39832 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-39829 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-39836 | 2021-09-29 | Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-39835 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-39837 | 2021-09-29 | Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-39839 | 2021-09-29 | Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-39838 | 2021-09-29 | Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-39840 | 2021-09-29 | Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability |