CVE List - 2021 / March
Showing 1101 - 1200 of 1447 CVEs for March 2021 (Page 12 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1382 | 2021-03-24 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
| CVE-2021-1377 | 2021-03-24 | Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability |
| CVE-2021-1376 | 2021-03-24 | Cisco IOS XE Software Fast Reload Vulnerabilities |
| CVE-2021-1375 | 2021-03-24 | Cisco IOS XE Software Fast Reload Vulnerabilities |
| CVE-2021-1374 | 2021-03-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Stored Cross-Site Scripting Vulnerability |
| CVE-2021-1373 | 2021-03-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability |
| CVE-2021-1371 | 2021-03-24 | Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability |
| CVE-2021-1356 | 2021-03-24 | Cisco IOS XE Software Web UI Denial of Service Vulnerabilities |
| CVE-2021-1352 | 2021-03-24 | Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability |
| CVE-2021-1281 | 2021-03-24 | Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2021-1220 | 2021-03-24 | Cisco IOS XE Software Web UI Denial of Service Vulnerabilities |
| CVE-2020-26279 | 2021-03-24 | Path traversal |
| CVE-2021-1381 | 2021-03-24 | Cisco IOS XE Software Active Debug Code Vulnerability |
| CVE-2021-1411 | 2021-03-24 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1417 | 2021-03-24 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1418 | 2021-03-24 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1423 | 2021-03-24 | Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability |
| CVE-2020-26283 | 2021-03-24 | Control character injection in console output |
| CVE-2021-21385 | 2021-03-24 | Disabled hostname verification and accepting self-signed certificates |
| CVE-2021-21386 | 2021-03-24 | Improper Neutralization of Argument Delimiters in a Decompiling Package Process |
| CVE-2020-7853 | 2021-03-24 | TOBESOFT XPLATFORM Out-of-Bounds Read/Write Vulnerabilities |
| CVE-2020-7852 | 2021-03-24 | DaviewIndy Heap Overflow Vulnerabilities |
| CVE-2021-3466 | 2021-03-25 | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application... |
| CVE-2021-20679 | 2021-03-25 | Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560... |
| CVE-2021-26715 | 2021-03-25 | The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in... |
| CVE-2021-29156 | 2021-03-25 | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a... |
| CVE-2020-1946 | 2021-03-25 | Apache SpamAssassin has an OS Command Injection vulnerability |
| CVE-2021-3449 | 2021-03-25 | NULL pointer deref in signature_algorithms processing |
| CVE-2021-3450 | 2021-03-25 | CA certificate check bypass with X509_V_FLAG_X509_STRICT |
| CVE-2021-1492 | 2021-03-25 | Duo Authentication Proxy Installer Denial of Service Vulnerability |
| CVE-2020-6771 | 2021-03-25 | Uncontrolled Search Path Element in Bosch IP Helper |
| CVE-2020-6785 | 2021-03-25 | Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer |
| CVE-2020-6786 | 2021-03-25 | Uncontrolled Search Path Element in Bosch Video Recording Manager Installer |
| CVE-2020-6787 | 2021-03-25 | Uncontrolled Search Path Element in Bosch Video Client installer |
| CVE-2020-6788 | 2021-03-25 | Uncontrolled Search Path Element in Bosch Configuration Manager Installer |
| CVE-2020-6789 | 2021-03-25 | Uncontrolled Search Path Element in Bosch Monitor Wall Installer |
| CVE-2020-6790 | 2021-03-25 | Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer |
| CVE-2021-22496 | 2021-03-25 | Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all versions prior to version 4.5.3.3. The vulnerability could cause information leakage. |
| CVE-2021-22659 | 2021-03-25 | Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values... |
| CVE-2021-21783 | 2021-03-25 | A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an... |
| CVE-2021-25349 | 2021-03-25 | Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2021-25350 | 2021-03-25 | Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. |
| CVE-2021-25351 | 2021-03-25 | Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. |
| CVE-2021-25352 | 2021-03-25 | Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. |
| CVE-2021-25353 | 2021-03-25 | Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. |
| CVE-2021-25354 | 2021-03-25 | Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. |
| CVE-2021-25355 | 2021-03-25 | Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2021-25366 | 2021-03-25 | Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. |
| CVE-2021-25367 | 2021-03-25 | Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. |
| CVE-2021-25368 | 2021-03-25 | Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. |
| CVE-2021-27192 | 2021-03-25 | Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients. |
| CVE-2021-27193 | 2021-03-25 | Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine... |
| CVE-2021-27194 | 2021-03-25 | Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords. |
| CVE-2021-27195 | 2021-03-25 | Improper Authorization vulnerability in Netop Vision Pro up to and including 9.7.1 allows an attacker to replay network traffic. |
| CVE-2021-29096 | 2021-03-25 | ArcGIS general raster security update: use-after-free |
| CVE-2021-3443 | 2021-03-25 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could... |
| CVE-2021-3446 | 2021-03-25 | A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain... |
| CVE-2021-3467 | 2021-03-25 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2... |
| CVE-2021-26597 | 2021-03-25 | An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload... |
| CVE-2021-26596 | 2021-03-25 | An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by... |
| CVE-2020-35502 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory... |
| CVE-2021-20210 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. |
| CVE-2021-20211 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. |
| CVE-2021-20212 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to... |
| CVE-2021-20213 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request... |
| CVE-2021-20214 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a... |
| CVE-2021-20215 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. |
| CVE-2021-20216 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from... |
| CVE-2021-20217 | 2021-03-25 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this... |
| CVE-2021-29008 | 2021-03-25 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. |
| CVE-2021-29009 | 2021-03-25 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. |
| CVE-2021-29010 | 2021-03-25 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. |
| CVE-2021-27452 | 2021-03-25 | The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to... |
| CVE-2021-27438 | 2021-03-25 | The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). |
| CVE-2021-27440 | 2021-03-25 | The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). |
| CVE-2021-27450 | 2021-03-25 | SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged... |
| CVE-2021-27454 | 2021-03-25 | The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60... |
| CVE-2021-27448 | 2021-03-25 | A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). |
| CVE-2021-22888 | 2021-03-25 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of... |
| CVE-2021-22889 | 2021-03-25 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker... |
| CVE-2020-10584 | 2021-03-25 | A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. |
| CVE-2020-10583 | 2021-03-25 | The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. |
| CVE-2020-10582 | 2021-03-25 | A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the... |
| CVE-2020-10581 | 2021-03-25 | Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. |
| CVE-2020-10580 | 2021-03-25 | A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user... |
| CVE-2020-10579 | 2021-03-25 | A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user... |
| CVE-2021-29093 | 2021-03-25 | ArcGIS Server image service and raster analytics security update: use-after-free |
| CVE-2021-29094 | 2021-03-25 | ArcGIS Server image service and raster analytics security update: buffer overflow |
| CVE-2021-29095 | 2021-03-25 | ArcGIS Server image service and raster analytics security update: uninitialized pointer |
| CVE-2021-29097 | 2021-03-25 | ArcGIS general raster security update: buffer overflow |
| CVE-2021-29098 | 2021-03-25 | ArcGIS general raster security update: uninitialized pointer |
| CVE-2021-27372 | 2021-03-25 | Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and... |
| CVE-2021-3119 | 2021-03-25 | Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial... |
| CVE-2021-20271 | 2021-03-26 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package,... |
| CVE-2020-23517 | 2021-03-26 | Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. |
| CVE-2021-3027 | 2021-03-26 | app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input... |
| CVE-2021-3153 | 2021-03-26 | HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. |
| CVE-2020-28346 | 2021-03-26 | ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. |
| CVE-2021-28246 | 2021-03-26 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH,... |
| CVE-2021-28247 | 2021-03-26 | CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due... |