CVE List - 2021 / March
Showing 801 - 900 of 1447 CVEs for March 2021 (Page 9 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-26234 | 2021-03-18 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled... |
| CVE-2021-26235 | 2021-03-18 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that... |
| CVE-2021-26237 | 2021-03-18 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled... |
| CVE-2021-28133 | 2021-03-18 | Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a... |
| CVE-2021-27306 | 2021-03-18 | An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. |
| CVE-2021-26935 | 2021-03-18 | In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. |
| CVE-2021-24123 | 2021-03-18 | PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE |
| CVE-2021-24124 | 2021-03-18 | WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS) |
| CVE-2021-24125 | 2021-03-18 | Contact Form Submissions < 1.7.1 - Authenticated SQL Injection |
| CVE-2021-24126 | 2021-03-18 | Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24127 | 2021-03-18 | ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS |
| CVE-2021-24128 | 2021-03-18 | Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24129 | 2021-03-18 | Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24130 | 2021-03-18 | WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection |
| CVE-2021-24131 | 2021-03-18 | Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections |
| CVE-2021-24132 | 2021-03-18 | Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection |
| CVE-2021-24133 | 2021-03-18 | ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings |
| CVE-2021-24134 | 2021-03-18 | Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS |
| CVE-2021-24135 | 2021-03-18 | WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS |
| CVE-2021-24136 | 2021-03-18 | Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS |
| CVE-2021-24137 | 2021-03-18 | Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection |
| CVE-2021-24138 | 2021-03-18 | AdRotate < 5.8.4 - Authenticated SQL Injection |
| CVE-2021-24139 | 2021-03-18 | Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection |
| CVE-2021-24140 | 2021-03-18 | Ajax Load More < 5.3.2 - Authenticated SQL Injection |
| CVE-2021-24141 | 2021-03-18 | Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection |
| CVE-2021-24142 | 2021-03-18 | 301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection |
| CVE-2021-24143 | 2021-03-18 | AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection |
| CVE-2021-24144 | 2021-03-18 | Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection |
| CVE-2021-24145 | 2021-03-18 | Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE |
| CVE-2021-24146 | 2021-03-18 | Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export |
| CVE-2021-24147 | 2021-03-18 | Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24148 | 2021-03-18 | MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple |
| CVE-2021-24149 | 2021-03-18 | Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection |
| CVE-2021-28790 | 2021-03-18 | The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers... |
| CVE-2021-28792 | 2021-03-18 | The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,... |
| CVE-2021-28794 | 2021-03-18 | The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. |
| CVE-2021-28796 | 2021-03-18 | Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. |
| CVE-2021-28789 | 2021-03-18 | The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers... |
| CVE-2021-28791 | 2021-03-18 | The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers... |
| CVE-2021-28145 | 2021-03-18 | Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. |
| CVE-2021-26215 | 2021-03-18 | SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. |
| CVE-2021-26216 | 2021-03-18 | SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. |
| CVE-2020-26155 | 2021-03-18 | Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows binaries to be manipulated by non-administrator users. Additionally, entries... |
| CVE-2021-22665 | 2021-03-18 | Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting... |
| CVE-2021-21383 | 2021-03-18 | XSS in Wiki.js |
| CVE-2020-14516 | 2021-03-18 | In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user... |
| CVE-2021-27656 | 2021-03-18 | exacqVision Web Services - Information Exposure |
| CVE-2019-3867 | 2021-03-18 | A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to... |
| CVE-2021-1287 | 2021-03-18 | Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability |
| CVE-2021-28160 | 2021-03-18 | Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section). |
| CVE-2019-14850 | 2021-03-18 | A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of... |
| CVE-2020-35492 | 2021-03-18 | A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example,... |
| CVE-2019-14851 | 2021-03-18 | A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only... |
| CVE-2019-14852 | 2021-03-18 | A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to... |
| CVE-2020-26797 | 2021-03-18 | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. |
| CVE-2021-25764 | 2021-03-18 | In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. |
| CVE-2020-26886 | 2021-03-18 | Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. |
| CVE-2020-9367 | 2021-03-18 | The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path.... |
| CVE-2020-36144 | 2021-03-18 | Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter... |
| CVE-2021-27358 | 2021-03-18 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration... |
| CVE-2021-3416 | 2021-03-18 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of... |
| CVE-2021-27436 | 2021-03-18 | WebAccess/SCADA versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of... |
| CVE-2021-26275 | 2021-03-18 | The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the... |
| CVE-2021-28653 | 2021-03-18 | The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave... |
| CVE-2021-21384 | 2021-03-18 | Null characters not escaped in shescape |
| CVE-2021-27221 | 2021-03-19 | MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because... |
| CVE-2021-27928 | 2021-03-19 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch... |
| CVE-2021-3327 | 2021-03-19 | Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. |
| CVE-2021-28109 | 2021-03-19 | TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). |
| CVE-2021-28110 | 2021-03-19 | /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. |
| CVE-2021-28126 | 2021-03-19 | index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-6577 | 2021-03-19 | The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. |
| CVE-2020-6578 | 2021-03-19 | Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. |
| CVE-2021-25289 | 2021-03-19 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE:... |
| CVE-2021-25290 | 2021-03-19 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| CVE-2021-25291 | 2021-03-19 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| CVE-2021-25292 | 2021-03-19 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
| CVE-2021-25293 | 2021-03-19 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
| CVE-2021-28831 | 2021-03-19 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. |
| CVE-2020-25097 | 2021-03-19 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services... |
| CVE-2021-28089 | 2021-03-19 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. |
| CVE-2021-28090 | 2021-03-19 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. |
| CVE-2021-28834 | 2021-03-19 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. |
| CVE-2021-27506 | 2021-03-19 | The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS when parsing malformed PNG files. This affects Netasq versions... |
| CVE-2020-4635 | 2021-03-19 | IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. |
| CVE-2021-21387 | 2021-03-19 | Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength |
| CVE-2021-21390 | 2021-03-19 | MITM modification of request bodies in MinIO |
| CVE-2021-27807 | 2021-03-19 | A carefully crafted PDF file can trigger an infinite loop while loading the file |
| CVE-2021-27906 | 2021-03-19 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file |
| CVE-2021-25277 | 2021-03-19 | FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. |
| CVE-2021-25278 | 2021-03-19 | FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. |
| CVE-2021-26991 | 2021-03-19 | Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. |
| CVE-2021-26992 | 2021-03-19 | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). |
| CVE-2021-26990 | 2021-03-19 | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. |
| CVE-2021-20077 | 2021-03-19 | Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on... |
| CVE-2019-10127 | 2021-03-19 | A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the... |
| CVE-2021-27520 | 2021-03-19 | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. |
| CVE-2021-27519 | 2021-03-19 | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. |
| CVE-2019-10128 | 2021-03-19 | A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the... |
| CVE-2019-10196 | 2021-03-19 | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a... |