Lista CVE - 2021 / Aprile
Visualizzazione 1101 - 1200 di 1817 CVE per Aprile 2021 (Pagina 12 di 19)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-31329 | 2021-04-21 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php |
| CVE-2021-31327 | 2021-04-21 | Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. |
| CVE-2021-28167 | 2021-04-21 | In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static... |
| CVE-2020-23907 | 2021-04-21 | An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny... |
| CVE-2020-23912 | 2021-04-21 | An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service. |
| CVE-2020-23914 | 2021-04-21 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service. |
| CVE-2020-23915 | 2021-04-21 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. |
| CVE-2020-23921 | 2021-04-21 | An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. |
| CVE-2020-23922 | 2021-04-21 | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. |
| CVE-2020-23928 | 2021-04-21 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. |
| CVE-2020-23930 | 2021-04-21 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. |
| CVE-2020-23931 | 2021-04-21 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. |
| CVE-2020-23932 | 2021-04-21 | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. |
| CVE-2021-31523 | 2021-04-21 | The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of... |
| CVE-2021-29456 | 2021-04-21 | Authelia allows open redirects on the logout endpoint |
| CVE-2020-28973 | 2021-04-21 | The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the... |
| CVE-2020-36324 | 2021-04-21 | Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. |
| CVE-2021-21426 | 2021-04-21 | Fixes a bug in Zend Framework's Stream HTTP Wrapper |
| CVE-2021-21427 | 2021-04-21 | Backport for CVE-2021-21024 Blind SQLi from Magento 2 |
| CVE-2020-27568 | 2021-04-21 | Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an... |
| CVE-2020-27569 | 2021-04-21 | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write... |
| CVE-2021-1074 | 2021-04-21 | NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This... |
| CVE-2021-1075 | 2021-04-21 | NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a... |
| CVE-2021-1078 | 2021-04-21 | NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash. |
| CVE-2021-2173 | 2021-04-22 | Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level... |
| CVE-2021-2175 | 2021-04-22 | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create... |
| CVE-2021-2207 | 2021-04-22 | Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged... |
| CVE-2021-3496 | 2021-04-22 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. |
| CVE-2021-29467 | 2021-04-22 | Self-XSS |
| CVE-2021-29465 | 2021-04-22 | Remote file overwrite on discord-recon can result in DoS and Remote Code Execution |
| CVE-2021-29466 | 2021-04-22 | Path Traversal at Discord-Recon .recon Command Path |
| CVE-2021-31555 | 2021-04-22 | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length. |
| CVE-2021-31554 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain... |
| CVE-2021-31553 | 2021-04-22 | An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service... |
| CVE-2021-31552 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user... |
| CVE-2021-31551 | 2021-04-22 | An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages. |
| CVE-2021-31550 | 2021-04-22 | An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers. |
| CVE-2021-31549 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users. |
| CVE-2021-31548 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits... |
| CVE-2021-31547 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules. |
| CVE-2021-31546 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view... |
| CVE-2021-31545 | 2021-04-22 | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted. |
| CVE-2021-3287 | 2021-04-22 | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. |
| CVE-2021-27736 | 2021-04-22 | FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. |
| CVE-2021-22540 | 2021-04-22 | XSS in Dart SDK |
| CVE-2021-30476 | 2021-04-22 | HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1. |
| CVE-2021-29653 | 2021-04-22 | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1. |
| CVE-2021-27400 | 2021-04-22 | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1 |
| CVE-2020-7861 | 2021-04-22 | AnySupport directory traversing vulnerability |
| CVE-2021-28168 | 2021-04-22 | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file... |
| CVE-2021-30356 | 2021-04-22 | A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. |
| CVE-2021-27277 | 2021-04-22 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on... |
| CVE-2021-27278 | 2021-04-22 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2021-31571 | 2021-04-22 | The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. |
| CVE-2021-31572 | 2021-04-22 | The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. |
| CVE-2020-7858 | 2021-04-22 | AquaNPlayer directory traversing vulnerability |
| CVE-2021-23133 | 2021-04-22 | Linux Kernel sctp_destroy_sock race condition |
| CVE-2021-20590 | 2021-04-22 | Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC... |
| CVE-2021-0214 | 2021-04-22 | Junos OS: Denial of Service in ppmd upon receipt of malformed packet |
| CVE-2021-0216 | 2021-04-22 | Junos OS: ACX5448, ACX710: BFD sessions might flap due to high rate of transit ARP packets |
| CVE-2021-0224 | 2021-04-22 | Junos OS: ANCPD core when hitting maximum-discovery-table-entries limit |
| CVE-2021-0225 | 2021-04-22 | Junos OS Evolved: Stateless IP firewall filter does not work as expected |
| CVE-2021-0226 | 2021-04-22 | Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet |
| CVE-2021-0227 | 2021-04-22 | Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets |
| CVE-2021-0228 | 2021-04-22 | Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment |
| CVE-2021-0229 | 2021-04-22 | Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server |
| CVE-2021-0230 | 2021-04-22 | Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics |
| CVE-2021-0231 | 2021-04-22 | Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure. |
| CVE-2021-0232 | 2021-04-22 | Paragon Active Assurance: Authentication bypass vulnerability in Control Center |
| CVE-2021-0233 | 2021-04-22 | Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets. |
| CVE-2021-0234 | 2021-04-22 | Junos OS: QFX5100-96S: DDoS protection does not work as expected. |
| CVE-2021-0235 | 2021-04-22 | Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks |
| CVE-2021-0236 | 2021-04-22 | Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core. |
| CVE-2021-0237 | 2021-04-22 | Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration |
| CVE-2021-0238 | 2021-04-22 | Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space |
| CVE-2021-0239 | 2021-04-22 | Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames. |
| CVE-2021-0240 | 2021-04-22 | Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. |
| CVE-2021-0241 | 2021-04-22 | Junos OS: Receipt of specific DHCPv6 packet may cause jdhcpd to crash and restart |
| CVE-2021-0242 | 2021-04-22 | Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured |
| CVE-2021-0243 | 2021-04-22 | Junos OS: EX4300: Stateless firewall policer fails to discard traffic |
| CVE-2021-0244 | 2021-04-22 | Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition |
| CVE-2021-0245 | 2021-04-22 | Junos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authenticated attacker to elevate their privileges. |
| CVE-2021-0246 | 2021-04-22 | Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other tenant networks or gather information from other networks. |
| CVE-2021-0247 | 2021-04-22 | Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration. |
| CVE-2021-0248 | 2021-04-22 | NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces. |
| CVE-2021-0249 | 2021-04-22 | Junos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled. |
| CVE-2021-0250 | 2021-04-22 | Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD |
| CVE-2021-0251 | 2021-04-22 | Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets |
| CVE-2021-0252 | 2021-04-22 | Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation |
| CVE-2021-0253 | 2021-04-22 | Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation |
| CVE-2021-0254 | 2021-04-22 | Junos OS: Remote code execution vulnerability in overlayd service |
| CVE-2021-0255 | 2021-04-22 | Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries |
| CVE-2021-0256 | 2021-04-22 | Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries |
| CVE-2021-0257 | 2021-04-22 | Junos OS: MX Series, EX9200 Series: Trio-based MPCs memory leak in VPLS with integrated routing and bridging (IRB) interface |
| CVE-2021-0258 | 2021-04-22 | Junos OS: Kernel panic upon receipt of specific TCPv6 packet on management interface |
| CVE-2021-0259 | 2021-04-22 | Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario |
| CVE-2021-0260 | 2021-04-22 | Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests. |
| CVE-2021-0261 | 2021-04-22 | Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests |
| CVE-2021-0262 | 2021-04-22 | Junos OS: QFX10002-60C: Use after free vulnerability found during static code analysis |
| CVE-2021-0263 | 2021-04-22 | Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled |