CVE List - 2021 / January
Showing 701 - 800 of 1514 CVEs for January 2021 (Page 8 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1197 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1198 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1199 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1176 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1175 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1174 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1173 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1172 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1171 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1170 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1169 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1168 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1167 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1166 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1165 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1164 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1163 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1162 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1161 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1160 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1159 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1158 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1157 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1156 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1155 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1154 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1153 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1152 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1151 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1150 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities |
| CVE-2021-1149 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities |
| CVE-2021-1148 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities |
| CVE-2021-1147 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities |
| CVE-2021-1146 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities |
| CVE-2021-1145 | 2021-01-13 | Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability |
| CVE-2021-1144 | 2021-01-13 | Cisco Connected Mobile Experiences Privilege Escalation Vulnerability |
| CVE-2021-1267 | 2021-01-13 | Cisco Firepower Management Center XML Entity Expansion Vulnerability |
| CVE-2021-1307 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1311 | 2021-01-13 | Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability |
| CVE-2021-1310 | 2021-01-13 | Cisco Webex Meetings Open Redirect Vulnerability |
| CVE-2021-1360 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2020-9142 | 2021-01-13 | There is a heap-based buffer overflow vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update... |
| CVE-2020-9143 | 2021-01-13 | There is a missing authentication vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may lead to low-sensitive information exposure. |
| CVE-2020-9141 | 2021-01-13 | There is an improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. |
| CVE-2020-9140 | 2021-01-13 | There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone. Unauthorized users may trigger code execution when a buffer overflow occurs. |
| CVE-2020-9139 | 2021-01-13 | There is an improper input validation vulnerability in some Huawei Smartphone. Successful exploit of this vulnerability can cause memory access errors and denial of service. |
| CVE-2020-9138 | 2021-01-13 | There is a heap-based buffer overflow vulnerability in some Huawei Smartphone. Successful exploit of this vulnerability can cause process exceptions during updating. |
| CVE-2020-9203 | 2021-01-13 | There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's... |
| CVE-2020-9209 | 2021-01-13 | There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit... |
| CVE-2020-1865 | 2021-01-13 | There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could... |
| CVE-2020-1866 | 2021-01-13 | There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause... |
| CVE-2020-14101 | 2021-01-13 | The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version... |
| CVE-2020-14097 | 2021-01-13 | Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. |
| CVE-2020-14098 | 2021-01-13 | The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi... |
| CVE-2020-14102 | 2021-01-13 | There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336... |
| CVE-2021-21012 | 2021-01-13 | Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure |
| CVE-2021-21013 | 2021-01-13 | Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure |
| CVE-2021-21011 | 2021-01-13 | Uncontrolled Search Path Element in Adobe Captivate 2019 |
| CVE-2021-21010 | 2021-01-13 | Uncontrolled search path element in Adobe InCopy |
| CVE-2021-21009 | 2021-01-13 | Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure |
| CVE-2021-21008 | 2021-01-13 | Uncontrolled Search Path Element vulnerability in Animate 21.0 |
| CVE-2021-21006 | 2021-01-13 | Heap buffer overflow when handling crafted font file could lead to arbitrary code execution |
| CVE-2021-21007 | 2021-01-13 | Uncontrolled search path element vulnerability in Illustrator 25.0 could lead to arbitrary code execution |
| CVE-2013-1053 | 2021-01-13 | Insecure crypto for storing passwords |
| CVE-2020-27267 | 2021-01-13 | KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66,... |
| CVE-2020-27263 | 2021-01-13 | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66,... |
| CVE-2020-27265 | 2021-01-13 | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66,... |
| CVE-2020-26732 | 2021-01-14 | SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers... |
| CVE-2020-16119 | 2021-01-14 | DCCP CCID structure use-after-free |
| CVE-2021-3138 | 2021-01-14 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. |
| CVE-2021-20617 | 2021-01-14 | Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative... |
| CVE-2021-20618 | 2021-01-14 | Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may... |
| CVE-2020-28470 | 2021-01-14 | Cross-site Scripting (XSS) |
| CVE-2021-23926 | 2021-01-14 | XMLBeans XML Entity Expansion |
| CVE-2021-24122 | 2021-01-14 | Apache Tomcat information disclosure |
| CVE-2020-29587 | 2021-01-14 | SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results... |
| CVE-2020-6776 | 2021-01-14 | CSRF in Bosch PRAESIDEO and Bosch PRAESENSA Management Interface |
| CVE-2020-6777 | 2021-01-14 | Stored XSS in Bosch PRAESIDEO and Bosch PRAESENSA Management Interface |
| CVE-2020-26733 | 2021-01-14 | Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS... |
| CVE-2020-27368 | 2021-01-14 | Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. |
| CVE-2021-21722 | 2021-01-14 | A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information... |
| CVE-2020-29019 | 2021-01-14 | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request... |
| CVE-2020-29017 | 2021-01-14 | An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on... |
| CVE-2020-29016 | 2021-01-14 | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute... |
| CVE-2020-29018 | 2021-01-14 | A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. |
| CVE-2020-29015 | 2021-01-14 | A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands... |
| CVE-2021-22132 | 2021-01-14 | Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user... |
| CVE-2021-21261 | 2021-01-14 | Flatpak sandbox escape via spawn portal |
| CVE-2020-16045 | 2021-01-14 | Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via... |
| CVE-2020-16046 | 2021-01-14 | Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2020-6572 | 2021-01-14 | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2020-29493 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of... |
| CVE-2020-29494 | 2021-01-14 | Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the... |
| CVE-2020-29495 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution... |
| CVE-2020-27219 | 2021-01-14 | In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute.... |
| CVE-2020-27220 | 2021-01-14 | The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to... |
| CVE-2020-35581 | 2021-01-15 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. |
| CVE-2020-35582 | 2021-01-15 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. |
| CVE-2021-23835 | 2021-01-15 | An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can... |
| CVE-2021-23836 | 2021-01-15 | An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user... |