CVE List - 2021 / September
Showing 101 - 200 of 1899 CVEs for September 2021 (Page 2 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-20341 | 2021-09-01 | YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. |
| CVE-2021-39181 | 2021-09-01 | Unsafe Deserialization of User Data Using XStream |
| CVE-2021-39186 | 2021-09-01 | Improper Input Validation in GlobalNewFiles |
| CVE-2021-40387 | 2021-09-01 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. |
| CVE-2021-40385 | 2021-09-01 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. |
| CVE-2020-20343 | 2021-09-01 | WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. |
| CVE-2020-20344 | 2021-09-01 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. |
| CVE-2020-20345 | 2021-09-01 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. |
| CVE-2020-20347 | 2021-09-01 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. |
| CVE-2020-20348 | 2021-09-01 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. |
| CVE-2020-20349 | 2021-09-01 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. |
| CVE-2021-39119 | 2021-09-01 | Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked,... |
| CVE-2021-39115 | 2021-09-01 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a... |
| CVE-2021-31797 | 2021-09-01 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. |
| CVE-2019-10095 | 2021-09-02 | bash command injection in spark interpreter |
| CVE-2020-13929 | 2021-09-02 | Notebook permissions bypass |
| CVE-2021-27578 | 2021-09-02 | Cross Site Scripting in markdown interpreter |
| CVE-2021-31798 | 2021-09-02 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the... |
| CVE-2021-31796 | 2021-09-02 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for... |
| CVE-2021-34732 | 2021-09-02 | Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability |
| CVE-2021-34733 | 2021-09-02 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability |
| CVE-2021-34746 | 2021-09-02 | Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability |
| CVE-2021-34759 | 2021-09-02 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2021-34765 | 2021-09-02 | Cisco Nexus Insights Authenticated Information Disclosure Vulnerability |
| CVE-2021-3757 | 2021-09-02 | Prototype Pollution in immerjs/immer |
| CVE-2021-3758 | 2021-09-02 | Server-Side Request Forgery (SSRF) in bookstackapp/bookstack |
| CVE-2021-33928 | 2021-09-02 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| CVE-2021-33929 | 2021-09-02 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| CVE-2021-33930 | 2021-09-02 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| CVE-2021-33938 | 2021-09-02 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| CVE-2021-39187 | 2021-09-02 | Crash server with query parameter |
| CVE-2021-21086 | 2021-09-02 | Adobe Reader CoolType Arbitrary Stack Manipulation |
| CVE-2021-28558 | 2021-09-02 | Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution |
| CVE-2021-28555 | 2021-09-02 | Adobe Acrobat Reader out-of-bounds Read could lead to information disclosure |
| CVE-2021-28550 | 2021-09-02 | Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution |
| CVE-2021-28553 | 2021-09-02 | Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution |
| CVE-2021-28557 | 2021-09-02 | Adobe Acrobat Reader out-of-bounds read in PDFLibTool could lead to information exposure |
| CVE-2021-28560 | 2021-09-02 | Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-28565 | 2021-09-02 | Adobe Acrobat Reader out-of-bounds read could lead to information exposure |
| CVE-2021-28559 | 2021-09-02 | Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation |
| CVE-2021-28561 | 2021-09-02 | Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution |
| CVE-2021-28564 | 2021-09-02 | Adobe Acrobat Reader out-of-bounds write vulnerability could lead to arbitrary code execution |
| CVE-2021-39322 | 2021-09-02 | Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting |
| CVE-2021-22775 | 2021-09-02 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX, V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. |
| CVE-2021-22789 | 2021-09-02 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating... |
| CVE-2021-22790 | 2021-09-02 | A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file... |
| CVE-2021-22791 | 2021-09-02 | A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file... |
| CVE-2021-22792 | 2021-09-02 | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project... |
| CVE-2021-22793 | 2021-09-02 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could... |
| CVE-2021-22704 | 2021-09-02 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11), Vijeo Designer Basic... |
| CVE-2021-38312 | 2021-09-02 | Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion |
| CVE-2021-38314 | 2021-09-02 | Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure |
| CVE-2021-22525 | 2021-09-02 | This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 |
| CVE-2021-36018 | 2021-09-02 | Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-36019 | 2021-09-02 | Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-35993 | 2021-09-02 | Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-35995 | 2021-09-02 | Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-35994 | 2021-09-02 | Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-35996 | 2021-09-02 | Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution |
| CVE-2021-36017 | 2021-09-02 | Adobe After Effects PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2020-18048 | 2021-09-02 | An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. |
| CVE-2021-34436 | 2021-09-02 | In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed... |
| CVE-2021-26436 | 2021-09-02 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2021-26439 | 2021-09-02 | Microsoft Edge for Android Information Disclosure Vulnerability |
| CVE-2021-36930 | 2021-09-02 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2021-38641 | 2021-09-02 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2021-38642 | 2021-09-02 | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2021-39191 | 2021-09-03 | URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc |
| CVE-2021-40491 | 2021-09-03 | The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for... |
| CVE-2021-40490 | 2021-09-03 | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. |
| CVE-2021-40494 | 2021-09-03 | A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. |
| CVE-2021-39192 | 2021-09-03 | Privilege escalation: all users can access Admin-level API keys |
| CVE-2021-23437 | 2021-09-03 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-40492 | 2021-09-03 | A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). |
| CVE-2021-39193 | 2021-09-03 | Transaction validity oversight in pallet-ethereum |
| CVE-2021-30606 | 2021-09-03 | Chromium: CVE-2021-30606 Use after free in Blink |
| CVE-2021-30607 | 2021-09-03 | Chromium: CVE-2021-30607 Use after free in Permissions |
| CVE-2021-30608 | 2021-09-03 | Chromium: CVE-2021-30608 Use after free in Web Share |
| CVE-2021-30609 | 2021-09-03 | Chromium: CVE-2021-30609 Use after free in Sign-In |
| CVE-2021-30610 | 2021-09-03 | Chromium: CVE-2021-30610 Use after free in Extensions API |
| CVE-2021-30611 | 2021-09-03 | Chromium: CVE-2021-30611 Use after free in WebRTC |
| CVE-2021-30612 | 2021-09-03 | Chromium: CVE-2021-30612 Use after free in WebRTC |
| CVE-2021-30613 | 2021-09-03 | Chromium: CVE-2021-30613 Use after free in Base internals |
| CVE-2021-30614 | 2021-09-03 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip |
| CVE-2021-30615 | 2021-09-03 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation |
| CVE-2021-30616 | 2021-09-03 | Chromium: CVE-2021-30616 Use after free in Media |
| CVE-2021-30617 | 2021-09-03 | Chromium: CVE-2021-30617 Policy bypass in Blink |
| CVE-2021-30618 | 2021-09-03 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools |
| CVE-2021-30619 | 2021-09-03 | Chromium: CVE-2021-30619 UI Spoofing in Autofill |
| CVE-2021-30620 | 2021-09-03 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |
| CVE-2021-30621 | 2021-09-03 | Chromium: CVE-2021-30621 UI Spoofing in Autofill |
| CVE-2021-30622 | 2021-09-03 | Chromium: CVE-2021-30622 Use after free in WebApp Installs |
| CVE-2021-30623 | 2021-09-03 | Chromium: CVE-2021-30623 Use after free in Bookmarks |
| CVE-2021-30624 | 2021-09-03 | Chromium: CVE-2021-30624 Use after free in Autofill |
| CVE-2021-40509 | 2021-09-04 | ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. |
| CVE-2021-23439 | 2021-09-05 | Cross-site Scripting (XSS) |
| CVE-2021-40516 | 2021-09-05 | WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. |
| CVE-2021-40524 | 2021-09-05 | In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server... |
| CVE-2021-40523 | 2021-09-05 | In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and... |
| CVE-2021-3770 | 2021-09-06 | Heap-based Buffer Overflow in vim/vim |