CVE List - 2021 / March
Showing 1001 - 1100 of 1447 CVEs for March 2021 (Page 11 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27528 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. |
| CVE-2021-27530 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the URI in /index.php. |
| CVE-2021-27527 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. |
| CVE-2021-27526 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. |
| CVE-2021-27969 | 2021-03-23 | Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. |
| CVE-2021-27310 | 2021-03-23 | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via the "language" parameter. |
| CVE-2021-27309 | 2021-03-23 | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via the "module" parameter. |
| CVE-2021-21376 | 2021-03-23 | Information Exposure in OMERO.web |
| CVE-2021-21377 | 2021-03-23 | Open Redirect in OMERO.web |
| CVE-2020-7346 | 2021-03-23 | Privilege escalation in McAfee DLP Endpoint for Windows |
| CVE-2020-12483 | 2021-03-23 | AppStore Remote Download and Installation Vulnerability |
| CVE-2021-23362 | 2021-03-23 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-20219 | 2021-03-23 | A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop... |
| CVE-2021-20222 | 2021-03-23 | A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is... |
| CVE-2021-20270 | 2021-03-23 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated... |
| CVE-2021-23274 | 2021-03-23 | TIBCO API Exchange Gateway Clickjack Vulnerability |
| CVE-2021-3444 | 2021-03-23 | Linux kernel bpf verifier incorrect mod32 truncation |
| CVE-2021-21401 | 2021-03-23 | Invalid free() call in Nanopb |
| CVE-2021-3392 | 2021-03-23 | A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue... |
| CVE-2021-27908 | 2021-03-23 | In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of... |
| CVE-2020-24994 | 2021-03-23 | Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. |
| CVE-2021-21402 | 2021-03-23 | Unauthenticated Arbitrary File Access in Jellyfin |
| CVE-2021-28817 | 2021-03-23 | TIBCO Rendezvous Windows Platform Installation vulnerability |
| CVE-2021-28818 | 2021-03-23 | TIBCO Rendezvous Windows Platform Artifact Search vulnerability |
| CVE-2021-28819 | 2021-03-23 | TIBCO FTL Windows Platform Installation vulnerability |
| CVE-2021-28820 | 2021-03-23 | TIBCO FTL Windows Platform Artifact Search vulnerability |
| CVE-2021-28821 | 2021-03-23 | TIBCO Enterprise Message Service Windows Platform Installation vulnerability |
| CVE-2021-28822 | 2021-03-23 | TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability |
| CVE-2021-28823 | 2021-03-23 | TIBCO eFTL Windows Platform Installation vulnerability |
| CVE-2021-28824 | 2021-03-23 | TIBCO ActiveSpaces Windows Platform Installation vulnerability |
| CVE-2021-3409 | 2021-03-23 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows... |
| CVE-2019-19343 | 2021-03-23 | A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely... |
| CVE-2021-28100 | 2021-03-23 | Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process. |
| CVE-2021-28099 | 2021-03-23 | In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is... |
| CVE-2021-22864 | 2021-03-23 | Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server |
| CVE-2021-21380 | 2021-03-23 | Rating Script Service exposes XWiki to SQL injection |
| CVE-2021-28967 | 2021-03-24 | The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. |
| CVE-2021-29133 | 2021-03-24 | Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. |
| CVE-2021-29025 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. |
| CVE-2021-29026 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. |
| CVE-2021-29027 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. |
| CVE-2021-29028 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI. |
| CVE-2021-29029 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. |
| CVE-2021-29030 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. |
| CVE-2021-29031 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI. |
| CVE-2021-29032 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. |
| CVE-2021-29033 | 2021-03-24 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. |
| CVE-2021-27315 | 2021-03-24 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. |
| CVE-2021-27316 | 2021-03-24 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the lastname parameter. |
| CVE-2021-27319 | 2021-03-24 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the email parameter. |
| CVE-2021-27320 | 2021-03-24 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the firstname parameter. |
| CVE-2021-28362 | 2021-03-24 | An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to... |
| CVE-2020-5015 | 2021-03-24 | IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP... |
| CVE-2021-29002 | 2021-03-24 | A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. |
| CVE-2020-36283 | 2021-03-24 | HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site,... |
| CVE-2019-19349 | 2021-03-24 | An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat OpenShift 4. An attacker with access to the container could use... |
| CVE-2019-19350 | 2021-03-24 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat OpenShift 4 and 3.11. An attacker with access to the container could... |
| CVE-2020-35337 | 2021-03-24 | ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. |
| CVE-2019-19352 | 2021-03-24 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this... |
| CVE-2019-19353 | 2021-03-24 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this... |
| CVE-2019-19354 | 2021-03-24 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this... |
| CVE-2020-7839 | 2021-03-24 | MarkAny MaEPSBroker Command Injection Vulnerability |
| CVE-2021-22192 | 2021-03-24 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. |
| CVE-2021-22185 | 2021-03-24 | Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki |
| CVE-2021-22186 | 2021-03-24 | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners |
| CVE-2021-22176 | 2021-03-24 | An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests |
| CVE-2021-22179 | 2021-03-24 | A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to an SSRF attack through the Outbound Requests feature. |
| CVE-2020-15809 | 2021-03-24 | spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd;... |
| CVE-2021-22193 | 2021-03-24 | An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for... |
| CVE-2021-22178 | 2021-03-24 | An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration. |
| CVE-2021-22169 | 2021-03-24 | An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. |
| CVE-2021-1431 | 2021-03-24 | Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability |
| CVE-2021-1432 | 2021-03-24 | Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability |
| CVE-2021-1433 | 2021-03-24 | Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability |
| CVE-2021-1434 | 2021-03-24 | Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability |
| CVE-2021-1435 | 2021-03-24 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2021-1436 | 2021-03-24 | Cisco IOS XE SD-WAN Software Path Traversal Vulnerability |
| CVE-2021-1437 | 2021-03-24 | Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability |
| CVE-2021-1439 | 2021-03-24 | Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability |
| CVE-2021-1442 | 2021-03-24 | Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability |
| CVE-2021-1441 | 2021-03-24 | Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability |
| CVE-2021-1443 | 2021-03-24 | Cisco IOS XE Software Web UI OS Command Injection Vulnerability |
| CVE-2021-1446 | 2021-03-24 | Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability |
| CVE-2021-1449 | 2021-03-24 | Cisco Access Point Software Arbitrary Code Execution Vulnerability |
| CVE-2021-1451 | 2021-03-24 | Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code Execution Vulnerability |
| CVE-2021-1452 | 2021-03-24 | Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability |
| CVE-2021-1453 | 2021-03-24 | Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code Execution Vulnerability |
| CVE-2021-1454 | 2021-03-24 | Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities |
| CVE-2021-1460 | 2021-03-24 | Cisco IOx Application Framework Denial of Service Vulnerability |
| CVE-2021-1469 | 2021-03-24 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1471 | 2021-03-24 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1403 | 2021-03-24 | Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability |
| CVE-2021-1398 | 2021-03-24 | Cisco IOS XE Software Arbitrary Code Execution Vulnerability |
| CVE-2021-1394 | 2021-03-24 | Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability |
| CVE-2021-1392 | 2021-03-24 | Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability |
| CVE-2021-1391 | 2021-03-24 | Cisco IOS and IOS XE Software Privilege Escalation Vulnerability |
| CVE-2021-1390 | 2021-03-24 | Cisco IOS XE Software Local Privilege Escalation Vulnerability |
| CVE-2021-1385 | 2021-03-24 | Cisco IOx Application Environment Path Traversal Vulnerability |
| CVE-2021-1384 | 2021-03-24 | Cisco IOx for IOS XE Software Command Injection Vulnerability |
| CVE-2021-1383 | 2021-03-24 | Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities |