CVE List - 2021 / April
Showing 201 - 300 of 1817 CVEs for April 2021 (Page 3 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1789 | 2021-04-02 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS... |
| CVE-2021-1791 | 2021-04-02 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security... |
| CVE-2021-1790 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted... |
| CVE-2021-1794 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1795 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1793 | 2021-04-02 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4... |
| CVE-2021-1796 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-1797 | 2021-04-02 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS... |
| CVE-2021-1800 | 2021-04-02 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device... |
| CVE-2021-1799 | 2021-04-02 | A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS... |
| CVE-2021-1802 | 2021-04-02 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may... |
| CVE-2021-1803 | 2021-04-02 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. |
| CVE-2021-1806 | 2021-04-02 | A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application... |
| CVE-2021-1801 | 2021-04-02 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4,... |
| CVE-2021-1805 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An... |
| CVE-2021-1870 | 2021-04-02 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4.... |
| CVE-2021-1871 | 2021-04-02 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4.... |
| CVE-2021-1844 | 2021-04-02 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur... |
| CVE-2021-1879 | 2021-04-02 | This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may... |
| CVE-2020-11923 | 2021-04-02 | An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. |
| CVE-2021-1818 | 2021-04-02 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4,... |
| CVE-2020-11924 | 2021-04-02 | An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. |
| CVE-2021-3374 | 2021-04-02 | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. |
| CVE-2021-1761 | 2021-04-02 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4... |
| CVE-2021-27973 | 2021-04-02 | SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. |
| CVE-2021-1753 | 2021-04-02 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS... |
| CVE-2021-29660 | 2021-04-02 | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a... |
| CVE-2021-29661 | 2021-04-02 | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every... |
| CVE-2021-28940 | 2021-04-02 | Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an... |
| CVE-2021-28941 | 2021-04-02 | Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request... |
| CVE-2021-30125 | 2021-04-02 | Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. |
| CVE-2021-30126 | 2021-04-02 | Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a... |
| CVE-2021-30072 | 2021-04-02 | An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. |
| CVE-2020-21585 | 2021-04-02 | Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. |
| CVE-2020-21588 | 2021-04-02 | Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox. |
| CVE-2020-21590 | 2021-04-02 | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. |
| CVE-2020-27600 | 2021-04-02 | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. |
| CVE-2021-30074 | 2021-04-02 | docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. |
| CVE-2021-21529 | 2021-04-02 | Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the... |
| CVE-2021-21532 | 2021-04-02 | Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing... |
| CVE-2021-21533 | 2021-04-02 | Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other... |
| CVE-2021-30127 | 2021-04-03 | TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only... |
| CVE-2020-17453 | 2021-04-05 | WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. |
| CVE-2021-28832 | 2021-04-05 | VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. |
| CVE-2021-29261 | 2021-04-05 | The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. |
| CVE-2021-29996 | 2021-04-05 | Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. |
| CVE-2021-30058 | 2021-04-05 | Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. |
| CVE-2021-30057 | 2021-04-05 | A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. |
| CVE-2021-30056 | 2021-04-05 | Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. |
| CVE-2021-30055 | 2021-04-05 | A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. |
| CVE-2021-30109 | 2021-04-05 | Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. |
| CVE-2020-4792 | 2021-04-05 | IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2020-4997 | 2021-04-05 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-24150 | 2021-04-05 | Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF |
| CVE-2021-24152 | 2021-04-05 | Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24153 | 2021-04-05 | Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24154 | 2021-04-05 | Theme Editor < 2.6 - Authenticated Arbitrary File Download |
| CVE-2021-24155 | 2021-04-05 | Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload |
| CVE-2021-24156 | 2021-04-05 | Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24157 | 2021-04-05 | Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting |
| CVE-2021-24158 | 2021-04-05 | Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation |
| CVE-2021-24159 | 2021-04-05 | Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-24160 | 2021-04-05 | Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload |
| CVE-2021-24161 | 2021-04-05 | Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload |
| CVE-2021-24162 | 2021-04-05 | Responsive Menu < 4.0.4 - CSRF to Settings Update |
| CVE-2021-24163 | 2021-04-05 | Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure |
| CVE-2021-24164 | 2021-04-05 | Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure |
| CVE-2021-24165 | 2021-04-05 | Ninja Forms < 3.4.34 - Administrator Open Redirect |
| CVE-2021-24166 | 2021-04-05 | Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection |
| CVE-2021-24167 | 2021-04-05 | Web-Stat < 1.4.1 - API Key Disclosure |
| CVE-2021-24168 | 2021-04-05 | Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24169 | 2021-04-05 | Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24170 | 2021-04-05 | User Profile Picture < 2.5.0 - Sensitive Information Disclosure |
| CVE-2021-24171 | 2021-04-05 | WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24172 | 2021-04-05 | VM Backups <= 1.0 - CSRF to Database Backup Download |
| CVE-2021-24173 | 2021-04-05 | VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24174 | 2021-04-05 | Database Backups <= 1.2.2.6 - CSRF to Backup Download |
| CVE-2021-24175 | 2021-04-05 | The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass |
| CVE-2021-24176 | 2021-04-05 | JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24177 | 2021-04-05 | WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24180 | 2021-04-05 | Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24181 | 2021-04-05 | Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct |
| CVE-2021-24182 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question |
| CVE-2021-24183 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form |
| CVE-2021-24184 | 2021-04-05 | Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation |
| CVE-2021-24185 | 2021-04-05 | Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating |
| CVE-2021-24186 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id |
| CVE-2021-24187 | 2021-04-05 | SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24196 | 2021-04-05 | Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24201 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element |
| CVE-2021-24202 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget |
| CVE-2021-24203 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget |
| CVE-2021-24204 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget |
| CVE-2021-24205 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget |
| CVE-2021-24206 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget |
| CVE-2021-24207 | 2021-04-05 | WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts |
| CVE-2021-24208 | 2021-04-05 | WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS) |
| CVE-2021-24209 | 2021-04-05 | WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE) |
| CVE-2021-24210 | 2021-04-05 | PhastPress < 1.111 - Open Redirect |
| CVE-2021-24211 | 2021-04-05 | WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS) |