Lista CVE - 2021 / Maggio
Visualizzazione 201 - 300 di 1494 CVE per Maggio 2021 (Pagina 3 di 15)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-28152 | 2021-05-06 | Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default... |
| CVE-2021-28150 | 2021-05-06 | Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. |
| CVE-2021-28149 | 2021-05-06 | Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from... |
| CVE-2021-3507 | 2021-05-06 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers... |
| CVE-2021-31829 | 2021-05-06 | kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF... |
| CVE-2021-32052 | 2021-05-06 | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If... |
| CVE-2021-31916 | 2021-05-06 | An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker... |
| CVE-2021-31918 | 2021-05-06 | A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest... |
| CVE-2019-25043 | 2021-05-06 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. |
| CVE-2021-31793 | 2021-05-06 | An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web... |
| CVE-2020-18889 | 2021-05-06 | Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php. |
| CVE-2020-18890 | 2021-05-06 | Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php. |
| CVE-2020-18888 | 2021-05-06 | Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php. |
| CVE-2021-31828 | 2021-05-06 | An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the... |
| CVE-2020-28198 | 2021-05-06 | The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be... |
| CVE-2021-28665 | 2021-05-06 | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly... |
| CVE-2021-29493 | 2021-05-06 | Kennnyshiwa-cogs vulnerable to Remote Code Execution in Tickets Module |
| CVE-2021-31737 | 2021-05-06 | emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. |
| CVE-2021-29203 | 2021-05-06 | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited... |
| CVE-2021-27941 | 2021-05-06 | Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows... |
| CVE-2020-23263 | 2021-05-06 | Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add. |
| CVE-2020-23264 | 2021-05-06 | Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. |
| CVE-2021-32077 | 2021-05-06 | Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search... |
| CVE-2021-32104 | 2021-05-07 | A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1. |
| CVE-2021-32103 | 2021-05-07 | A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter. |
| CVE-2021-32102 | 2021-05-07 | A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1. |
| CVE-2021-32101 | 2021-05-07 | The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission... |
| CVE-2021-32100 | 2021-05-07 | A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. |
| CVE-2021-32099 | 2021-05-07 | A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a... |
| CVE-2021-32098 | 2021-05-07 | Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. |
| CVE-2021-32096 | 2021-05-07 | The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter. |
| CVE-2021-32095 | 2021-05-07 | U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files. |
| CVE-2021-32094 | 2021-05-07 | U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files. |
| CVE-2021-32093 | 2021-05-07 | The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter. |
| CVE-2021-32092 | 2021-05-07 | A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid... |
| CVE-2021-32091 | 2021-05-07 | A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. |
| CVE-2021-32090 | 2021-05-07 | The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. |
| CVE-2021-32074 | 2021-05-07 | HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log... |
| CVE-2020-29444 | 2021-05-07 | Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. |
| CVE-2020-29445 | 2021-05-07 | Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team... |
| CVE-2020-11254 | 2021-05-07 | Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2020-11268 | 2021-05-07 | Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile |
| CVE-2020-11273 | 2021-05-07 | Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to... |
| CVE-2020-11274 | 2021-05-07 | Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2020-11279 | 2021-05-07 | Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11284 | 2021-05-07 | Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in... |
| CVE-2020-11285 | 2021-05-07 | Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11288 | 2021-05-07 | Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11289 | 2021-05-07 | Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11293 | 2021-05-07 | Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon... |
| CVE-2020-11294 | 2021-05-07 | Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11295 | 2021-05-07 | Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2021-1891 | 2021-05-07 | A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-1895 | 2021-05-07 | Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music |
| CVE-2021-1905 | 2021-05-07 | Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-1906 | 2021-05-07 | Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-1910 | 2021-05-07 | Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2021-1915 | 2021-05-07 | Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-1925 | 2021-05-07 | Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-1927 | 2021-05-07 | Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2021-30170 | 2021-05-07 | Jun-He Technology Ltd. ERP POS - Stored XSS-1 |
| CVE-2021-30171 | 2021-05-07 | Jun-He Technology Ltd. ERP POS - Stored XSS-2 |
| CVE-2021-30172 | 2021-05-07 | Jun-He Technology Ltd. Quan-Fang-Wei-Tong-Xun system - Reflected XSS |
| CVE-2021-30173 | 2021-05-07 | Jun-He Technology Ltd. Quan-Fang-Wei-Tong-Xun system - Local File Inclusion |
| CVE-2020-36128 | 2021-05-07 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store... |
| CVE-2020-36127 | 2021-05-07 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and... |
| CVE-2020-36126 | 2021-05-07 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write... |
| CVE-2020-36125 | 2021-05-07 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint... |
| CVE-2020-36124 | 2021-05-07 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to... |
| CVE-2021-26122 | 2021-05-07 | LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm. |
| CVE-2021-26123 | 2021-05-07 | LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm. |
| CVE-2021-21984 | 2021-05-07 | VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this... |
| CVE-2020-14009 | 2021-05-07 | Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The... |
| CVE-2021-3502 | 2021-05-07 | A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the... |
| CVE-2021-22675 | 2021-05-07 | The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12... |
| CVE-2021-22679 | 2021-05-07 | The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and... |
| CVE-2021-22671 | 2021-05-07 | Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK... |
| CVE-2021-22673 | 2021-05-07 | The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink... |
| CVE-2021-21419 | 2021-05-07 | Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet |
| CVE-2021-27437 | 2021-05-07 | The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs.... |
| CVE-2021-29488 | 2021-05-07 | Creation of files outside the Download Folder through malicious PAR2 files |
| CVE-2021-22677 | 2021-05-07 | An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code... |
| CVE-2021-29495 | 2021-05-07 | Nim stdlib httpClient does not validate peer certificates by default |
| CVE-2020-4901 | 2021-05-07 | IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force... |
| CVE-2021-27569 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet.... |
| CVE-2021-27570 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent... |
| CVE-2021-27571 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext... |
| CVE-2021-27572 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when... |
| CVE-2021-27573 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication. |
| CVE-2021-27574 | 2021-05-07 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary... |
| CVE-2021-32470 | 2021-05-07 | Craft CMS before 3.6.13 has an XSS vulnerability. |
| CVE-2021-31441 | 2021-05-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31442 | 2021-05-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31443 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31444 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31445 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31446 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31447 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31448 | 2021-05-07 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2021-31449 | 2021-05-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit... |