CVE List - 2021 / March
Showing 201 - 300 of 1447 CVEs for March 2021 (Page 3 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-28029 | 2021-03-05 | An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. |
| CVE-2021-28033 | 2021-03-05 | An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. |
| CVE-2021-28037 | 2021-03-05 | An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for... |
| CVE-2021-28036 | 2021-03-05 | An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a... |
| CVE-2021-28035 | 2021-03-05 | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. |
| CVE-2021-28034 | 2021-03-05 | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. |
| CVE-2021-28032 | 2021-03-05 | An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if... |
| CVE-2021-28031 | 2021-03-05 | An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. |
| CVE-2021-28030 | 2021-03-05 | An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. |
| CVE-2021-28028 | 2021-03-05 | An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. |
| CVE-2021-28027 | 2021-03-05 | An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. |
| CVE-2020-29658 | 2021-03-05 | Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. |
| CVE-2021-20663 | 2021-03-05 | Cross-site scripting vulnerability in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced... |
| CVE-2021-20664 | 2021-03-05 | Cross-site scripting vulnerability in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7... |
| CVE-2021-20665 | 2021-03-05 | Cross-site scripting vulnerability in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable... |
| CVE-2021-27907 | 2021-03-05 | Apache Superset stored XSS on Dashboard markdown |
| CVE-2021-28026 | 2021-03-05 | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a denial... |
| CVE-2020-29134 | 2021-03-05 | The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 |
| CVE-2021-26961 | 2021-03-05 | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an... |
| CVE-2021-26962 | 2021-03-05 | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run... |
| CVE-2021-26960 | 2021-03-05 | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an... |
| CVE-2021-26964 | 2021-03-05 | A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote... |
| CVE-2021-26963 | 2021-03-05 | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run... |
| CVE-2021-26966 | 2021-03-05 | A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker... |
| CVE-2020-35594 | 2021-03-05 | Zoho ManageEngine ADManager Plus before 7066 allows XSS. |
| CVE-2021-26965 | 2021-03-05 | A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker... |
| CVE-2021-26967 | 2021-03-05 | A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a... |
| CVE-2021-26968 | 2021-03-05 | A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow... |
| CVE-2020-28050 | 2021-03-05 | Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. |
| CVE-2021-26970 | 2021-03-05 | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-based management interface could allow remote authenticated users... |
| CVE-2021-26969 | 2021-03-05 | A remote authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists... |
| CVE-2021-26971 | 2021-03-05 | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-based management interface could allow remote authenticated users... |
| CVE-2021-21725 | 2021-03-05 | A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in... |
| CVE-2020-29032 | 2021-03-05 | Add integrity check of GateManager firmware |
| CVE-2021-27098 | 2021-03-05 | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the... |
| CVE-2021-27099 | 2021-03-05 | In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance... |
| CVE-2020-28502 | 2021-03-05 | Arbitrary Code Injection |
| CVE-2021-28040 | 2021-03-05 | An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used... |
| CVE-2021-26705 | 2021-03-05 | An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to... |
| CVE-2021-3377 | 2021-03-05 | The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature... |
| CVE-2021-28041 | 2021-03-05 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the... |
| CVE-2020-29029 | 2021-03-05 | XSS issue due to insufficient sanitization of input field |
| CVE-2020-29028 | 2021-03-05 | Reflected XSS issues |
| CVE-2020-29020 | 2021-03-05 | Reject Remote Management via Cellular UPLINK2 |
| CVE-2020-29030 | 2021-03-05 | Insufficient CSRF guards |
| CVE-2021-3420 | 2021-03-05 | A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading... |
| CVE-2021-27254 | 2021-03-05 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint.... |
| CVE-2021-27255 | 2021-03-05 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-27256 | 2021-03-05 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism... |
| CVE-2021-27257 | 2021-03-05 | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The... |
| CVE-2021-28042 | 2021-03-05 | Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. |
| CVE-2021-27581 | 2021-03-05 | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. |
| CVE-2021-26814 | 2021-03-06 | Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete... |
| CVE-2021-26294 | 2021-03-07 | An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials),... |
| CVE-2021-27363 | 2021-03-07 | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is... |
| CVE-2021-27364 | 2021-03-07 | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
| CVE-2021-27365 | 2021-03-07 | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged... |
| CVE-2020-28466 | 2021-03-07 | Denial of Service (DoS) |
| CVE-2009-20001 | 2021-03-07 | An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still... |
| CVE-2021-23351 | 2021-03-08 | Denial of Service (DoS) |
| CVE-2021-26788 | 2021-03-08 | Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs... |
| CVE-2021-27222 | 2021-03-08 | In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. |
| CVE-2020-23967 | 2021-03-08 | Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. |
| CVE-2021-21327 | 2021-03-08 | Unsafe Reflection in getItemForItemtype() |
| CVE-2021-21326 | 2021-03-08 | Horizontal Privilege Escalation |
| CVE-2021-21325 | 2021-03-08 | Stored XSS in budget type |
| CVE-2021-21324 | 2021-03-08 | Insecure Direct Object Reference (IDOR) on "Solutions" |
| CVE-2021-21329 | 2021-03-08 | Multi Factor Authentication Token Improperly Validated On User Login |
| CVE-2020-4695 | 2021-03-08 | IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a... |
| CVE-2020-4903 | 2021-03-08 | IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105. |
| CVE-2020-5014 | 2021-03-08 | IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID:... |
| CVE-2021-21362 | 2021-03-08 | Bypassing readOnly policy by creating a temporary 'mc share upload' URL |
| CVE-2021-21354 | 2021-03-08 | Open redirect in pollbot |
| CVE-2021-21335 | 2021-03-08 | Basic Authentication can be bypassed using a malformed username |
| CVE-2021-21336 | 2021-03-08 | Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager |
| CVE-2021-22134 | 2021-03-08 | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions... |
| CVE-2020-27574 | 2021-03-08 | Maxum Rumpus 8.2.13 and 8.2.14 are affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as... |
| CVE-2020-27575 | 2021-03-08 | Maxum Rumpus 8.2.13 and 8.2.14 are affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains... |
| CVE-2021-21337 | 2021-03-08 | URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService |
| CVE-2020-27576 | 2021-03-08 | Maxum Rumpus 8.2.13 and 8.2.14 are affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a... |
| CVE-2020-27838 | 2021-03-08 | A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an... |
| CVE-2021-21503 | 2021-03-08 | PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privilege escalation. |
| CVE-2021-21506 | 2021-03-08 | PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential... |
| CVE-2021-21510 | 2021-03-08 | Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a... |
| CVE-2021-20241 | 2021-03-09 | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division... |
| CVE-2021-20243 | 2021-03-09 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division... |
| CVE-2021-20244 | 2021-03-09 | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division... |
| CVE-2021-20245 | 2021-03-09 | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division... |
| CVE-2021-20246 | 2021-03-09 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division... |
| CVE-2021-21300 | 2021-03-09 | malicious repositories can execute remote code while cloning |
| CVE-2021-24033 | 2021-03-09 | react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create... |
| CVE-2021-21360 | 2021-03-09 | Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup |
| CVE-2021-21361 | 2021-03-09 | Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin |
| CVE-2021-28006 | 2021-03-09 | Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. |
| CVE-2021-20272 | 2021-03-09 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. |
| CVE-2021-20273 | 2021-03-09 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. |
| CVE-2021-20274 | 2021-03-09 | A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves. |
| CVE-2021-20275 | 2021-03-09 | A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. |
| CVE-2021-20276 | 2021-03-09 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. |
| CVE-2021-21481 | 2021-03-09 | The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access... |