CVE List - 2021 / April
Showing 1401 - 1500 of 1817 CVEs for April 2021 (Page 15 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-2302 | 2021-04-22 | Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2021-2303 | 2021-04-22 | Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is Prior to 2.12.41. Easily exploitable vulnerability allows high privileged... |
| CVE-2021-2304 | 2021-04-22 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2021-2305 | 2021-04-22 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2021-2306 | 2021-04-22 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2021-2307 | 2021-04-22 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2021-2308 | 2021-04-22 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2021-2309 | 2021-04-22 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2021-2310 | 2021-04-22 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2021-2311 | 2021-04-22 | Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics). The supported version that is affected is 9.1.0. Easily exploitable... |
| CVE-2021-2312 | 2021-04-22 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2021-2314 | 2021-04-22 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2021-2315 | 2021-04-22 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2021-2316 | 2021-04-22 | Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2021-2317 | 2021-04-22 | Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows... |
| CVE-2021-2318 | 2021-04-22 | Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows... |
| CVE-2021-2319 | 2021-04-22 | Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows... |
| CVE-2021-2320 | 2021-04-22 | Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows... |
| CVE-2021-22199 | 2021-04-22 | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. |
| CVE-2021-31597 | 2021-04-22 | The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request... |
| CVE-2021-29470 | 2021-04-23 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header |
| CVE-2021-31607 | 2021-04-23 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file... |
| CVE-2021-26291 | 2021-04-23 | block repositories using http by default |
| CVE-2021-25382 | 2021-04-23 | An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. |
| CVE-2020-7385 | 2021-04-23 | Metasploit Framework 'drb_remote_codeexec' code execution |
| CVE-2021-26908 | 2021-04-23 | Automox Agent Sensitive Log Information Disclosure |
| CVE-2021-26909 | 2021-04-23 | Automox Agent Guessable S3 Bucket Endpoint |
| CVE-2018-25007 | 2021-04-23 | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 |
| CVE-2019-25027 | 2021-04-23 | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 |
| CVE-2019-25028 | 2021-04-23 | Stored cross-site scripting in Grid component in Vaadin 7 and 8 |
| CVE-2020-36319 | 2021-04-23 | Potential sensitive data exposure in applications using Vaadin 15 |
| CVE-2020-36320 | 2021-04-23 | Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7 |
| CVE-2020-36321 | 2021-04-23 | Directory traversal in development mode handler in Vaadin 14 and 15-17 |
| CVE-2021-31403 | 2021-04-23 | Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 |
| CVE-2021-31404 | 2021-04-23 | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 |
| CVE-2021-31405 | 2021-04-23 | Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 |
| CVE-2021-31406 | 2021-04-23 | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 |
| CVE-2021-31407 | 2021-04-23 | Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 |
| CVE-2021-31408 | 2021-04-23 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 |
| CVE-2021-31410 | 2021-04-23 | Project sources exposure in Vaadin Designer |
| CVE-2021-31540 | 2021-04-23 | Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write... |
| CVE-2021-31539 | 2021-04-23 | Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. |
| CVE-2021-22893 | 2021-04-23 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that... |
| CVE-2021-22682 | 2021-04-23 | Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to... |
| CVE-2021-22204 | 2021-04-23 | Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image |
| CVE-2021-22678 | 2021-04-23 | Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to... |
| CVE-2021-22207 | 2021-04-23 | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file |
| CVE-2021-22205 | 2021-04-23 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted... |
| CVE-2021-20084 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-20088 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-20087 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-29469 | 2021-04-23 | Potential exponential regex in monitor mode |
| CVE-2021-20086 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-20089 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-20085 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-20083 | 2021-04-23 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. |
| CVE-2021-31780 | 2021-04-23 | In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event... |
| CVE-2020-7034 | 2021-04-23 | Command injection in Avaya Session Border Controller for Enterprise |
| CVE-2020-17542 | 2021-04-23 | Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. |
| CVE-2021-29158 | 2021-04-23 | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. |
| CVE-2021-25898 | 2021-04-23 | An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value... |
| CVE-2021-25899 | 2021-04-23 | An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable... |
| CVE-2021-31583 | 2021-04-23 | Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters... |
| CVE-2021-31584 | 2021-04-23 | Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. |
| CVE-2020-7035 | 2021-04-23 | XXE in Avaya Aura Orchestration Designer |
| CVE-2020-7036 | 2021-04-23 | XXE in Avaya Callback Assist Administration |
| CVE-2021-31791 | 2021-04-23 | In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. |
| CVE-2021-31598 | 2021-04-24 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. |
| CVE-2021-31795 | 2021-04-24 | The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. |
| CVE-2021-31794 | 2021-04-24 | Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. |
| CVE-2021-31712 | 2021-04-24 | react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to... |
| CVE-2021-30502 | 2021-04-25 | The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand. |
| CVE-2021-31726 | 2021-04-25 | Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0). |
| CVE-2021-31760 | 2021-04-25 | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. |
| CVE-2021-31761 | 2021-04-25 | Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. |
| CVE-2021-31762 | 2021-04-25 | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process... |
| CVE-2021-31718 | 2021-04-25 | The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. |
| CVE-2021-29473 | 2021-04-26 | Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata |
| CVE-2021-21220 | 2021-04-26 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-20680 | 2021-04-26 | Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and... |
| CVE-2021-20693 | 2021-04-26 | Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary... |
| CVE-2021-20694 | 2021-04-26 | Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. |
| CVE-2021-20695 | 2021-04-26 | Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors. |
| CVE-2021-20696 | 2021-04-26 | DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. |
| CVE-2021-20697 | 2021-04-26 | Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via... |
| CVE-2021-20708 | 2021-04-26 | NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands... |
| CVE-2021-20709 | 2021-04-26 | Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an... |
| CVE-2021-20710 | 2021-04-26 | Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20711 | 2021-04-26 | Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20712 | 2021-04-26 | Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed... |
| CVE-2021-31804 | 2021-04-26 | LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document. |
| CVE-2021-31803 | 2021-04-26 | cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). |
| CVE-2021-23365 | 2021-04-26 | Authentication Bypass |
| CVE-2021-25927 | 2021-04-26 | Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-25928 | 2021-04-26 | Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-26797 | 2021-04-26 | An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service. |
| CVE-2021-28079 | 2021-04-26 | Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a... |
| CVE-2021-31802 | 2021-04-26 | NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker... |
| CVE-2020-15078 | 2021-04-26 | OpenVPN 2.5.1 and earlier versions allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger... |
| CVE-2021-25838 | 2021-04-26 | The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. |