Waitman Gobble

irc://irc.y0m4m4.com/ Radio Puke.World Wiki OOO

CVE List 2021 (page: 1)

2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999

Name Description
CVE-2021-36654 [Updated 2021-08-05] CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
CVE-2021-35463 [Updated 2021-08-05] Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the [...]
CVE-2021-38095 [Updated 2021-08-05] The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.
CVE-2021-36090 [Updated 2021-08-05] When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to [...]
CVE-2021-35042 [Updated 2021-08-05] Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-34429 [Updated 2021-08-05] For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security [...]
CVE-2021-34428 [Updated 2021-08-05] For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID [...]
CVE-2021-32603 [Updated 2021-08-05] A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and [...]
CVE-2021-32598 [Updated 2021-08-05] An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, [...]
CVE-2021-3612 [Updated 2021-08-05] An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to [...]
CVE-2021-3595 [Updated 2021-08-05] An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is [...]
CVE-2021-3594 [Updated 2021-08-05] An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is [...]
CVE-2021-3593 [Updated 2021-08-05] An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is [...]
CVE-2021-3592 [Updated 2021-08-05] An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is [...]
CVE-2021-3541 [Updated 2021-08-05] A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
CVE-2021-29425 [Updated 2021-08-05] In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..foo", the result would be the same value, thus possibly [...]
CVE-2021-28691 [Updated 2021-08-05] Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with [...]
CVE-2021-28164 [Updated 2021-08-05] In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF [...]
CVE-2021-22921 [Updated 2021-08-05] Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions [...]
CVE-2021-22918 [Updated 2021-08-05] Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether [...]
CVE-2021-22904 [Updated 2021-08-05] The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive [...]
CVE-2021-22885 [Updated 2021-08-05] A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
CVE-2021-22880 [Updated 2021-08-05] The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input [...]
CVE-2021-22555 [Updated 2021-08-05] A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through [...]
CVE-2021-36805 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in [...]
CVE-2021-36804 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker [...]
CVE-2021-36803 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of [...]
CVE-2021-36802 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This [...]
CVE-2021-36801 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product.
CVE-2021-36800 [Updated 2021-08-04] Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] [...]
CVE-2021-3539 [Updated 2021-08-04] EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
CVE-2021-31869 [Updated 2021-08-04] Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.
CVE-2021-31867 [Updated 2021-08-04] Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the [...]
CVE-2021-20028 [Updated 2021-08-04] ** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA [...]
CVE-2021-34707 [Updated 2021-08-04] A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability [...]
CVE-2021-32793 [Updated 2021-08-04] Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to [...]
CVE-2021-32706 [Updated 2021-08-04] Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match [...]
CVE-2021-32625 [Updated 2021-08-04] Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using [...]
CVE-2021-32465 [Updated 2021-08-04] An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on [...]
CVE-2021-32464 [Updated 2021-08-04] An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a [...]
CVE-2021-26096 [Updated 2021-08-04] Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of [...]
CVE-2021-24014 [Updated 2021-08-04] Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via [...]
CVE-2021-22124 [Updated 2021-08-04] An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator [...]
CVE-2021-1610 [Updated 2021-08-04] Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: [...]
CVE-2021-1609 [Updated 2021-08-04] Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: [...]
CVE-2021-1602 [Updated 2021-08-04] A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary [...]
CVE-2021-1593 [Updated 2021-08-04] A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker [...]
CVE-2021-1572 [Updated 2021-08-04] A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this [...]
CVE-2021-1522 [Updated 2021-08-04] A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with [...]
CVE-2021-34853 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34852 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34851 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34850 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34849 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34848 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34847 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34846 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34845 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34844 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34843 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34842 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34841 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34840 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34839 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34838 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34837 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34836 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34835 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34834 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34833 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34832 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-34831 [Updated 2021-08-04] This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the [...]
CVE-2021-33910 [Updated 2021-08-04] basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) [...]
CVE-2021-32596 [Updated 2021-08-04] A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to [...]
CVE-2021-26097 [Updated 2021-08-04] An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker [...]
CVE-2021-36765 [Updated 2021-08-04] In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime [...]
CVE-2021-36764 [Updated 2021-08-04] In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a [...]
CVE-2021-36168 [Updated 2021-08-04] A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows [...]
CVE-2021-33337 [Updated 2021-08-04] Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, [...]
CVE-2021-3678 [Updated 2021-08-04] showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2021-32594 [Updated 2021-08-04] An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to [...]
CVE-2021-32590 [Updated 2021-08-04] Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may [...]
CVE-2021-29765 [Updated 2021-08-04] IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476.
CVE-2021-26098 [Updated 2021-08-04] An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly [...]
CVE-2021-24018 [Updated 2021-08-04] A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a [...]
CVE-2021-24010 [Updated 2021-08-04] Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access [...]
CVE-2021-21866 [Updated 2021-08-04] A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted [...]
CVE-2021-21865 [Updated 2021-08-04] A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can [...]
CVE-2021-21864 [Updated 2021-08-04] A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially [...]
CVE-2021-33339 [Updated 2021-08-04] Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or [...]
CVE-2021-33338 [Updated 2021-08-04] The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to [...]
CVE-2021-33336 [Updated 2021-08-04] Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote [...]
CVE-2021-3680 [Updated 2021-08-04] showdoc is vulnerable to Missing Cryptographic Step
CVE-2021-37232 [Updated 2021-08-04] A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in [...]
CVE-2021-37231 [Updated 2021-08-04] A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.
CVE-2021-36483 [Updated 2021-08-04] DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
CVE-2021-35397 [Updated 2021-08-04] A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of [...]
CVE-2021-32558 [Updated 2021-08-04] An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver [...]
CVE-2021-34558 [Updated 2021-08-04] The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a [...]
CVE-2021-34273 [Updated 2021-08-03] A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the [...]
CVE-2021-34272 [Updated 2021-08-03] A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase [...]
CVE-2021-34270 [Updated 2021-08-03] An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.
CVE-2021-33403 [Updated 2021-08-03] An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large [...]
CVE-2021-32813 [Updated 2021-08-03] Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this [...]
CVE-2021-33335 [Updated 2021-08-03] Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to [...]
CVE-2021-33334 [Updated 2021-08-03] The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user [...]
CVE-2021-33333 [Updated 2021-08-03] The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which [...]
CVE-2021-33332 [Updated 2021-08-03] Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote [...]
CVE-2021-33331 [Updated 2021-08-03] Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote [...]
CVE-2021-32804 [Updated 2021-08-03] The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims [...]
CVE-2021-30589 [Updated 2021-08-03] Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
CVE-2021-30588 [Updated 2021-08-03] Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30587 [Updated 2021-08-03] Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-30586 [Updated 2021-08-03] Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap [...]
CVE-2021-30585 [Updated 2021-08-03] Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30584 [Updated 2021-08-03] Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-30583 [Updated 2021-08-03] Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-30582 [Updated 2021-08-03] Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-30581 [Updated 2021-08-03] Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML [...]
CVE-2021-30580 [Updated 2021-08-03] Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive [...]
CVE-2021-30579 [Updated 2021-08-03] Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30578 [Updated 2021-08-03] Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30577 [Updated 2021-08-03] Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
CVE-2021-30576 [Updated 2021-08-03] Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML [...]
CVE-2021-30575 [Updated 2021-08-03] Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML [...]
CVE-2021-30574 [Updated 2021-08-03] Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30573 [Updated 2021-08-03] Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30572 [Updated 2021-08-03] Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30571 [Updated 2021-08-03] Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape [...]
CVE-2021-30569 [Updated 2021-08-03] Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30568 [Updated 2021-08-03] Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30567 [Updated 2021-08-03] Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
CVE-2021-30566 [Updated 2021-08-03] Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML [...]
CVE-2021-30565 [Updated 2021-08-03] Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds [...]
CVE-2021-36703 [Updated 2021-08-03] The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated [...]
CVE-2021-36702 [Updated 2021-08-03] The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send [...]
CVE-2021-36701 [Updated 2021-08-03] In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the [...]
CVE-2021-36623 [Updated 2021-08-03] Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36622 [Updated 2021-08-03] Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at [...]
CVE-2021-36543 [Updated 2021-08-03] Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's [...]
CVE-2021-36542 [Updated 2021-08-03] Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by [...]
CVE-2021-35343 [Updated 2021-08-03] Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing [...]
CVE-2021-33330 [Updated 2021-08-03] Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal [...]
CVE-2021-33328 [Updated 2021-08-03] Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 [...]
CVE-2021-33327 [Updated 2021-08-03] The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user [...]
CVE-2021-33326 [Updated 2021-08-03] Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows [...]
CVE-2021-33325 [Updated 2021-08-03] The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the [...]
CVE-2021-33324 [Updated 2021-08-03] The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote [...]
CVE-2021-33323 [Updated 2021-08-03] The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows [...]
CVE-2021-33322 [Updated 2021-08-03] In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their [...]
CVE-2021-33321 [Updated 2021-08-03] Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The [...]
CVE-2021-33320 [Updated 2021-08-03] The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged [...]
CVE-2021-32803 [Updated 2021-08-03] The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to [...]
CVE-2021-32018 [Updated 2021-08-03] An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory [...]
CVE-2021-32016 [Updated 2021-08-03] An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled [...]
CVE-2021-30564 [Updated 2021-08-03] Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30563 [Updated 2021-08-03] Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30562 [Updated 2021-08-03] Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30561 [Updated 2021-08-03] Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30560 [Updated 2021-08-03] Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30559 [Updated 2021-08-03] Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30541 [Updated 2021-08-03] Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-27942 [Updated 2021-08-03] Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are [...]
CVE-2021-22425 [Updated 2021-08-03] A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.
CVE-2021-22424 [Updated 2021-08-03] A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service.
CVE-2021-22423 [Updated 2021-08-03] A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.
CVE-2021-22422 [Updated 2021-08-03] A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
CVE-2021-22421 [Updated 2021-08-03] A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.
CVE-2021-22420 [Updated 2021-08-03] A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application [...]
CVE-2021-22419 [Updated 2021-08-03] A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.
CVE-2021-22418 [Updated 2021-08-03] A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
CVE-2021-22417 [Updated 2021-08-03] A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage.
CVE-2021-22416 [Updated 2021-08-03] A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
CVE-2021-37558 [Updated 2021-08-03] A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and [...]
CVE-2021-37557 [Updated 2021-08-03] A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the [...]
CVE-2021-37556 [Updated 2021-08-03] A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the [...]
CVE-2021-36763 [Updated 2021-08-03] In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-33486 [Updated 2021-08-03] All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-33485 [Updated 2021-08-03] CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-32814 [Updated 2021-08-03] Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate [...]
CVE-2021-32017 [Updated 2021-08-03] An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem [...]
CVE-2021-31504 [Updated 2021-08-03] This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit [...]
CVE-2021-31503 [Updated 2021-08-03] This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit [...]
CVE-2021-27943 [Updated 2021-08-03] The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a [...]
CVE-2021-21581 [Updated 2021-08-03] Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a [...]
CVE-2021-21580 [Updated 2021-08-03] Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized [...]
CVE-2021-21579 [Updated 2021-08-03] Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by [...]
CVE-2021-21578 [Updated 2021-08-03] Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by [...]
CVE-2021-21577 [Updated 2021-08-03] Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript [...]
CVE-2021-21576 [Updated 2021-08-03] Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript [...]
CVE-2021-36159 [Updated 2021-08-03] libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read [...]
CVE-2021-36157 [Updated 2021-08-03] An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae [...]
CVE-2021-36156 [Updated 2021-08-03] An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae [...]
CVE-2021-32772 [Updated 2021-08-03] Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application [...]
CVE-2021-31630 [Updated 2021-08-03] Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
CVE-2021-27954 [Updated 2021-08-03] A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit [...]
CVE-2021-27953 [Updated 2021-08-03] A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a [...]
CVE-2021-27952 [Updated 2021-08-03] Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
CVE-2021-22400 [Updated 2021-08-03] Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify [...]
CVE-2021-37833 [Updated 2021-08-03] A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
CVE-2021-37832 [Updated 2021-08-03] A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through [...]
CVE-2021-35265 [Updated 2021-08-03] A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
CVE-2021-35517 [Updated 2021-08-03] When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to [...]
CVE-2021-35516 [Updated 2021-08-03] When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to [...]
CVE-2021-35515 [Updated 2021-08-03] When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack [...]
CVE-2021-32812 [Updated 2021-08-02] Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting [...]
CVE-2021-32811 [Updated 2021-08-02] Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope [...]
CVE-2021-32787 [Updated 2021-08-02] Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and [...]
CVE-2021-26085 [Updated 2021-08-02] Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected [...]
CVE-2021-21565 [Updated 2021-08-02] Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing [...]
CVE-2021-21563 [Updated 2021-08-02] Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to [...]
CVE-2021-21562 [Updated 2021-08-02] Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or [...]
CVE-2021-21553 [Updated 2021-08-02] Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of [...]
CVE-2021-35209 [Updated 2021-08-02] An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the [...]
CVE-2021-35208 [Updated 2021-08-02] An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript [...]
CVE-2021-34637 [Updated 2021-08-02] The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in [...]
CVE-2021-34635 [Updated 2021-08-02] The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to [...]
CVE-2021-34632 [Updated 2021-08-02] The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, [...]
CVE-2021-34628 [Updated 2021-08-02] The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows [...]
CVE-2021-32019 [Updated 2021-08-02] There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the [...]
CVE-2021-29979 [Updated 2021-08-02] Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance&#8217;s primary hosting domain.*. This vulnerability [...]
CVE-2021-27503 [Updated 2021-08-02] Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of [...]
CVE-2021-27499 [Updated 2021-08-02] Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the [...]
CVE-2021-35450 [Updated 2021-08-02] A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via [...]
CVE-2021-33198 [Updated 2021-08-02] Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 2 of 2).
CVE-2021-33197 [Updated 2021-08-02] Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy or Intermediary.
CVE-2021-33196 [Updated 2021-08-02] Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 1 of 2).
CVE-2021-33195 [Updated 2021-08-02] Go before 1.15.12 and 1.16.x before 1.16.5 allows injection.
CVE-2021-32810 [Updated 2021-08-02] crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more [...]
CVE-2021-32806 [Updated 2021-08-02] Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url [...]
CVE-2021-3673 [Updated 2021-08-02] A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
CVE-2021-22447 [Updated 2021-08-02] There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22446 [Updated 2021-08-02] There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22445 [Updated 2021-08-02] There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-20590 [Updated 2021-08-02] Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model [...]
CVE-2021-35464 [Updated 2021-08-02] ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution [...]
CVE-2021-29757 [Updated 2021-08-02] IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the [...]
CVE-2021-29697 [Updated 2021-08-02] IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could [...]
CVE-2021-29696 [Updated 2021-08-02] IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a [...]
CVE-2021-22552 [Updated 2021-08-02] An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This [...]
CVE-2021-22444 [Updated 2021-08-02] There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection.
CVE-2021-22443 [Updated 2021-08-02] There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22442 [Updated 2021-08-02] There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22438 [Updated 2021-08-02] There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22435 [Updated 2021-08-02] There is a Configuration Defect Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22428 [Updated 2021-08-02] There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22427 [Updated 2021-08-02] There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22415 [Updated 2021-08-02] There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.
CVE-2021-22414 [Updated 2021-08-02] There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22413 [Updated 2021-08-02] There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
Page:


Copyright © 1999–2021, The MITRE Corporation

LICENSE

Submissions: For all materials you submit to the Common Vulnerabilities and Exposures (CVE®), you hereby grant to The MITRE Corporation (MITRE) and all CVE Numbering Authorities (CNAs) a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute such materials and derivative works. Unless required by applicable law or agreed to in writing, you provide such materials on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

DISCLAIMERS

ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN PROVIDED BY MITRE ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.