Lista CVE - 2021 / Aprile
Visualizzazione 1 - 100 di 1817 CVE per Aprile 2021 (Pagina 1 di 19)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-29421 | 2021-04-01 | models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. |
| CVE-2021-3447 | 2021-04-01 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on... |
| CVE-2020-36238 | 2021-04-01 | The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to... |
| CVE-2021-26071 | 2021-04-01 | The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to... |
| CVE-2020-36286 | 2021-04-01 | The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous... |
| CVE-2021-29942 | 2021-04-01 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. |
| CVE-2021-29941 | 2021-04-01 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. |
| CVE-2021-29940 | 2021-04-01 | An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function. |
| CVE-2021-29939 | 2021-04-01 | An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. |
| CVE-2021-29938 | 2021-04-01 | An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. |
| CVE-2021-29937 | 2021-04-01 | An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). |
| CVE-2021-29936 | 2021-04-01 | An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. |
| CVE-2021-29935 | 2021-04-01 | An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. |
| CVE-2021-29934 | 2021-04-01 | An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. |
| CVE-2021-29933 | 2021-04-01 | An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. |
| CVE-2021-29932 | 2021-04-01 | An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with... |
| CVE-2021-29931 | 2021-04-01 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). |
| CVE-2021-29930 | 2021-04-01 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). |
| CVE-2021-29929 | 2021-04-01 | An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. |
| CVE-2021-29251 | 2021-04-01 | BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured. |
| CVE-2021-29083 | 2021-04-01 | Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. |
| CVE-2021-28918 | 2021-04-01 | Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent... |
| CVE-2021-28545 | 2021-04-01 | Acrobat Reader DC Missing Support for Integrity Check |
| CVE-2021-28546 | 2021-04-01 | Acrobat Reader DC Missing Support for Integrity Check |
| CVE-2021-3393 | 2021-04-01 | An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could... |
| CVE-2021-20234 | 2021-04-01 | An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or... |
| CVE-2021-20235 | 2021-04-01 | There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as... |
| CVE-2021-22177 | 2021-04-01 | Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. |
| CVE-2021-28163 | 2021-04-01 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory... |
| CVE-2021-28164 | 2021-04-01 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example... |
| CVE-2021-28165 | 2021-04-01 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. |
| CVE-2021-22195 | 2021-04-01 | Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system |
| CVE-2021-22876 | 2021-04-01 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not... |
| CVE-2021-22890 | 2021-04-01 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a... |
| CVE-2021-20291 | 2021-04-01 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not... |
| CVE-2020-9147 | 2021-04-01 | A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read. |
| CVE-2020-9146 | 2021-04-01 | A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and doS attacks by carefully constructing attack... |
| CVE-2020-9149 | 2021-04-01 | An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages. |
| CVE-2020-9148 | 2021-04-01 | An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. |
| CVE-2021-25924 | 2021-04-01 | In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on... |
| CVE-2021-26718 | 2021-04-01 | KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. |
| CVE-2021-20078 | 2021-04-01 | Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker... |
| CVE-2021-26072 | 2021-04-01 | The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery... |
| CVE-2021-27653 | 2021-04-01 | Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. |
| CVE-2021-26580 | 2021-04-01 | A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update... |
| CVE-2021-26581 | 2021-04-01 | A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The... |
| CVE-2021-21982 | 2021-04-01 | VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware... |
| CVE-2020-19613 | 2021-04-01 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. |
| CVE-2020-19616 | 2021-04-01 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. |
| CVE-2020-19617 | 2021-04-01 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. |
| CVE-2020-19618 | 2021-04-01 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. |
| CVE-2020-19619 | 2021-04-01 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. |
| CVE-2021-28969 | 2021-04-01 | eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the... |
| CVE-2021-28970 | 2021-04-01 | eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According... |
| CVE-2021-28047 | 2021-04-01 | Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. |
| CVE-2021-21416 | 2021-04-01 | Potential sensitive information disclosed in error reports |
| CVE-2021-21420 | 2021-04-01 | Vulnerability in Stripe for Visual Studio Code < 1.7.3 |
| CVE-2021-23923 | 2021-04-01 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. |
| CVE-2021-23921 | 2021-04-01 | An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. |
| CVE-2021-23924 | 2021-04-01 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. |
| CVE-2021-23925 | 2021-04-01 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. |
| CVE-2021-23922 | 2021-04-01 | An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. |
| CVE-2021-21421 | 2021-04-01 | ApiKey secret could be revelated on network issue |
| CVE-2021-30004 | 2021-04-02 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
| CVE-2021-30002 | 2021-04-02 | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. |
| CVE-2021-30003 | 2021-04-02 | An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. |
| CVE-2021-30000 | 2021-04-02 | An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. |
| CVE-2021-22696 | 2021-04-02 | OAuth 2 authorization service vulnerable to DDos attacks |
| CVE-2021-25893 | 2021-04-02 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. |
| CVE-2021-25894 | 2021-04-02 | Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. |
| CVE-2021-29012 | 2021-04-02 | DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times... |
| CVE-2021-29011 | 2021-04-02 | DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). |
| CVE-2021-29651 | 2021-04-02 | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). |
| CVE-2021-29652 | 2021-04-02 | Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process |
| CVE-2021-28113 | 2021-04-02 | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS... |
| CVE-2021-28123 | 2021-04-02 | Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the... |
| CVE-2021-21400 | 2021-04-02 | Entering code in App Lock modal sends input to conversation |
| CVE-2021-28124 | 2021-04-02 | A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow... |
| CVE-2019-20463 | 2021-04-02 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by... |
| CVE-2019-20464 | 2021-04-02 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device... |
| CVE-2019-20465 | 2021-04-02 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. |
| CVE-2019-20466 | 2021-04-02 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file,... |
| CVE-2020-11925 | 2021-04-02 | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across... |
| CVE-2020-11922 | 2021-04-02 | An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in... |
| CVE-2021-22196 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch... |
| CVE-2021-22203 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before... |
| CVE-2021-22201 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. |
| CVE-2021-22198 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. |
| CVE-2021-22197 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having... |
| CVE-2021-22200 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a... |
| CVE-2021-22202 | 2021-04-02 | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the... |
| CVE-2020-9930 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may... |
| CVE-2020-9960 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update... |
| CVE-2020-9955 | 2021-04-02 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a... |
| CVE-2020-9962 | 2021-04-02 | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update... |
| CVE-2020-9967 | 2021-04-02 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security... |
| CVE-2020-9971 | 2021-04-02 | A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may... |
| CVE-2020-9956 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update... |
| CVE-2020-9926 | 2021-04-02 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS... |
| CVE-2020-10008 | 2021-04-02 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. |