Lista CVE - 2021 / Marzo
Visualizzazione 301 - 400 di 1447 CVE per Marzo 2021 (Pagina 4 di 15)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-21488 | 2021-03-09 | Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s... |
| CVE-2021-21486 | 2021-03-09 | SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting... |
| CVE-2021-21493 | 2021-03-09 | When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable... |
| CVE-2021-21480 | 2021-03-09 | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious... |
| CVE-2021-21487 | 2021-03-09 | SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2021-21484 | 2021-03-09 | LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. |
| CVE-2021-27585 | 2021-03-09 | When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable... |
| CVE-2021-27589 | 2021-03-09 | When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable... |
| CVE-2021-27591 | 2021-03-09 | When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable... |
| CVE-2021-27587 | 2021-03-09 | When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to... |
| CVE-2021-27586 | 2021-03-09 | When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable... |
| CVE-2021-27588 | 2021-03-09 | When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2021-27584 | 2021-03-09 | When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to... |
| CVE-2021-27590 | 2021-03-09 | When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily... |
| CVE-2021-27592 | 2021-03-09 | When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until... |
| CVE-2021-25915 | 2021-03-09 | Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-20341 | 2021-03-09 | IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. |
| CVE-2020-35451 | 2021-03-09 | Oozie local privilege escalation |
| CVE-2020-8356 | 2021-03-09 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log... |
| CVE-2020-8357 | 2021-03-09 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. |
| CVE-2021-3417 | 2021-03-09 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to... |
| CVE-2021-20253 | 2021-03-09 | A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx... |
| CVE-2021-20268 | 2021-03-09 | An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This... |
| CVE-2021-20263 | 2021-03-09 | A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on... |
| CVE-2021-20262 | 2021-03-09 | A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain... |
| CVE-2021-21159 | 2021-03-09 | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21160 | 2021-03-09 | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21161 | 2021-03-09 | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21162 | 2021-03-09 | Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21163 | 2021-03-09 | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious... |
| CVE-2021-21164 | 2021-03-09 | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21165 | 2021-03-09 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21166 | 2021-03-09 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21167 | 2021-03-09 | Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21168 | 2021-03-09 | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2021-21169 | 2021-03-09 | Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2021-21170 | 2021-03-09 | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar)... |
| CVE-2021-21171 | 2021-03-09 | Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a... |
| CVE-2021-21172 | 2021-03-09 | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. |
| CVE-2021-21173 | 2021-03-09 | Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21174 | 2021-03-09 | Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-21175 | 2021-03-09 | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21176 | 2021-03-09 | Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2021-21177 | 2021-03-09 | Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2021-21178 | 2021-03-09 | Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2021-21179 | 2021-03-09 | Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21180 | 2021-03-09 | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21181 | 2021-03-09 | Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2021-21182 | 2021-03-09 | Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-21183 | 2021-03-09 | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21184 | 2021-03-09 | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21185 | 2021-03-09 | Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted... |
| CVE-2021-21186 | 2021-03-09 | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions... |
| CVE-2021-21187 | 2021-03-09 | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2021-21188 | 2021-03-09 | Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21189 | 2021-03-09 | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-21190 | 2021-03-09 | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| CVE-2020-28150 | 2021-03-09 | I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect. |
| CVE-2021-21369 | 2021-03-09 | Potential DoS in Besu HTTP JSON-RPC API |
| CVE-2020-27225 | 2021-03-09 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to... |
| CVE-2021-23353 | 2021-03-09 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-23352 | 2021-03-09 | Command Injection |
| CVE-2021-21295 | 2021-03-09 | Possible request smuggling in HTTP/2 due missing validation |
| CVE-2021-3411 | 2021-03-09 | A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state.... |
| CVE-2021-20255 | 2021-03-09 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry... |
| CVE-2020-35521 | 2021-03-09 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. |
| CVE-2020-35522 | 2021-03-09 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. |
| CVE-2020-35523 | 2021-03-09 | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a... |
| CVE-2020-35524 | 2021-03-09 | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution.... |
| CVE-2020-28952 | 2021-03-09 | An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled... |
| CVE-2021-23273 | 2021-03-09 | TIBCO Spotfire Cross Site Scripting Vulnerability |
| CVE-2021-28115 | 2021-03-09 | The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation. |
| CVE-2021-28116 | 2021-03-09 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a... |
| CVE-2021-28119 | 2021-03-09 | Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous... |
| CVE-2020-27632 | 2021-03-10 | In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. |
| CVE-2021-21772 | 2021-03-10 | A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2020-29238 | 2021-03-10 | An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted... |
| CVE-2021-3310 | 2021-03-10 | Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local... |
| CVE-2020-13936 | 2021-03-10 | Velocity Sandbox Bypass |
| CVE-2020-13959 | 2021-03-10 | Velocity Tools XSS Vulnerability |
| CVE-2021-20667 | 2021-03-10 | Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially... |
| CVE-2021-20668 | 2021-03-10 | Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL. |
| CVE-2021-20669 | 2021-03-10 | Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL. |
| CVE-2021-20670 | 2021-03-10 | Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors. |
| CVE-2021-20671 | 2021-03-10 | Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary... |
| CVE-2021-20672 | 2021-03-10 | Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via... |
| CVE-2021-20673 | 2021-03-10 | Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-28007 | 2021-03-10 | Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter. |
| CVE-2020-23721 | 2021-03-10 | An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. |
| CVE-2020-23722 | 2021-03-10 | An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. |
| CVE-2020-24791 | 2021-03-10 | FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent... |
| CVE-2020-28705 | 2021-03-10 | FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. |
| CVE-2021-3224 | 2021-03-10 | A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. |
| CVE-2021-21491 | 2021-03-10 | SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due... |
| CVE-2020-35752 | 2021-03-10 | Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. |
| CVE-2021-28122 | 2021-03-10 | A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update,... |
| CVE-2020-4717 | 2021-03-10 | A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM... |
| CVE-2020-5016 | 2021-03-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present,... |
| CVE-2021-20265 | 2021-03-10 | A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local... |
| CVE-2021-0396 | 2021-03-10 | In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an... |