Lista CVE - 2021 / Aprile
Visualizzazione 1501 - 1600 di 1817 CVE per Aprile 2021 (Pagina 16 di 19)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-25839 | 2021-04-26 | A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. |
| CVE-2021-28399 | 2021-04-26 | OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function. |
| CVE-2021-3494 | 2021-04-26 | A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman... |
| CVE-2021-3472 | 2021-04-26 | A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this... |
| CVE-2021-23382 | 2021-04-26 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-27851 | 2021-04-26 | Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed' |
| CVE-2021-21206 | 2021-04-26 | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21201 | 2021-04-26 | Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-21202 | 2021-04-26 | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2021-21203 | 2021-04-26 | Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21204 | 2021-04-26 | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21205 | 2021-04-26 | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-21207 | 2021-04-26 | Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2021-21208 | 2021-04-26 | Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. |
| CVE-2021-21209 | 2021-04-26 | Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21210 | 2021-04-26 | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. |
| CVE-2021-21211 | 2021-04-26 | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-21212 | 2021-04-26 | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. |
| CVE-2021-21213 | 2021-04-26 | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21214 | 2021-04-26 | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. |
| CVE-2021-21215 | 2021-04-26 | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| CVE-2021-21216 | 2021-04-26 | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| CVE-2021-21217 | 2021-04-26 | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| CVE-2021-21218 | 2021-04-26 | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| CVE-2021-21219 | 2021-04-26 | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| CVE-2021-21221 | 2021-04-26 | Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted... |
| CVE-2020-4562 | 2021-04-26 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. |
| CVE-2021-20432 | 2021-04-26 | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name... |
| CVE-2021-20532 | 2021-04-26 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force... |
| CVE-2021-20536 | 2021-04-26 | IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. |
| CVE-2021-20546 | 2021-04-26 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application... |
| CVE-2021-29672 | 2021-04-26 | IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow... |
| CVE-2021-29694 | 2021-04-26 | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. |
| CVE-2021-21222 | 2021-04-26 | Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2021-21223 | 2021-04-26 | Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML... |
| CVE-2021-21224 | 2021-04-26 | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2021-21225 | 2021-04-26 | Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21226 | 2021-04-26 | Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2020-36325 | 2021-04-26 | An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a... |
| CVE-2021-31784 | 2021-04-26 | An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers... |
| CVE-2021-31783 | 2021-04-26 | show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. |
| CVE-2021-31646 | 2021-04-26 | Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password... |
| CVE-2021-29475 | 2021-04-26 | PDF export allows arbitrary file reads |
| CVE-2021-22669 | 2021-04-26 | Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s... |
| CVE-2021-29474 | 2021-04-26 | Relative Path Traversal Attack on note creation |
| CVE-2021-31671 | 2021-04-27 | pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be... |
| CVE-2021-30635 | 2021-04-27 | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific... |
| CVE-2021-30165 | 2021-04-27 | EDIMAX Technology Co., Ltd. HD Wireless Day & Night Network Camera IC-3140W - Hard-coded password |
| CVE-2021-31826 | 2021-04-27 | Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not... |
| CVE-2019-25042 | 2021-04-27 | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25041 | 2021-04-27 | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25040 | 2021-04-27 | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25039 | 2021-04-27 | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25038 | 2021-04-27 | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25037 | 2021-04-27 | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may... |
| CVE-2019-25036 | 2021-04-27 | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25035 | 2021-04-27 | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be... |
| CVE-2019-25034 | 2021-04-27 | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a... |
| CVE-2019-25033 | 2021-04-27 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable,... |
| CVE-2019-25032 | 2021-04-27 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... |
| CVE-2019-25031 | 2021-04-27 | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound... |
| CVE-2021-20714 | 2021-04-27 | Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. |
| CVE-2021-20715 | 2021-04-27 | Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access... |
| CVE-2020-17517 | 2021-04-27 | Ozone S3 Gateway allows bucket and key access to non authenticated users |
| CVE-2021-28125 | 2021-04-27 | Apache Superset Open Redirect |
| CVE-2020-35542 | 2021-04-27 | Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack. |
| CVE-2021-27480 | 2021-04-27 | Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. |
| CVE-2021-22660 | 2021-04-27 | CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. |
| CVE-2021-22664 | 2021-04-27 | CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. |
| CVE-2021-28271 | 2021-04-27 | Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The... |
| CVE-2021-30642 | 2021-04-27 | An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to... |
| CVE-2021-28269 | 2021-04-27 | Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions. |
| CVE-2021-3451 | 2021-04-27 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. |
| CVE-2021-3464 | 2021-04-27 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. |
| CVE-2020-4981 | 2021-04-27 | IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541. |
| CVE-2021-20448 | 2021-04-27 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-20549 | 2021-04-27 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-20550 | 2021-04-27 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-29666 | 2021-04-27 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29667 | 2021-04-27 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation... |
| CVE-2020-21987 | 2021-04-27 | HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to... |
| CVE-2020-21989 | 2021-04-27 | HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the... |
| CVE-2020-21998 | 2021-04-27 | In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a... |
| CVE-2020-22000 | 2021-04-27 | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the... |
| CVE-2020-22001 | 2021-04-27 | HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart... |
| CVE-2021-30638 | 2021-04-27 | An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later |
| CVE-2021-21365 | 2021-04-27 | Cross-Site Scripting in Content Rendering |
| CVE-2021-29200 | 2021-04-27 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI |
| CVE-2021-30128 | 2021-04-27 | Unsafe deserialization in Apache OFBiz |
| CVE-2021-21429 | 2021-04-27 | Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin |
| CVE-2021-29460 | 2021-04-27 | Cross-site scripting (XSS) from unsanitized uploaded SVG files |
| CVE-2021-29442 | 2021-04-27 | Authentication bypass |
| CVE-2021-29441 | 2021-04-27 | Authentication bypass |
| CVE-2021-29472 | 2021-04-27 | Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer |
| CVE-2021-29476 | 2021-04-27 | Insecure Deserialization of untrusted data in rmccue/requests |
| CVE-2021-20716 | 2021-04-28 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32... |
| CVE-2021-3511 | 2021-04-28 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware... |
| CVE-2021-3512 | 2021-04-28 | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware... |
| CVE-2021-31815 | 2021-04-28 | GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because... |
| CVE-2020-36326 | 2021-04-28 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem... |