CVE List - 2021 / June
Showing 901 - 1000 of 1691 CVEs for June 2021 (Page 10 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27196 | 2021-06-14 | Specially Crafted IEC 61850 Protocol Sequence Vulnerability |
| CVE-2021-27887 | 2021-06-14 | Stored XSS vulnerability in Ellipse APM |
| CVE-2021-26845 | 2021-06-14 | eSOMS Report Function Vulnerability |
| CVE-2021-20027 | 2021-06-14 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7... |
| CVE-2021-32684 | 2021-06-14 | Missing Handler in @scandipwa/magento-scripts |
| CVE-2021-31618 | 2021-06-15 | NULL pointer dereference on specially crafted HTTP/2 request |
| CVE-2021-3592 | 2021-06-15 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that... |
| CVE-2021-3593 | 2021-06-15 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that... |
| CVE-2021-3594 | 2021-06-15 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that... |
| CVE-2021-3595 | 2021-06-15 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that... |
| CVE-2021-34129 | 2021-06-15 | LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via... |
| CVE-2021-34128 | 2021-06-15 | LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. |
| CVE-2020-7864 | 2021-06-15 | Raonwiz DEXT5 Editor File upload and Execution vulnerability |
| CVE-2021-34170 | 2021-06-15 | Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. |
| CVE-2020-21316 | 2021-06-15 | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter... |
| CVE-2021-33887 | 2021-06-15 | Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. |
| CVE-2021-33622 | 2021-06-15 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. |
| CVE-2021-31478 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31479 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31480 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31481 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31482 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31483 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31484 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31485 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31486 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31487 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31488 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31489 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31490 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31491 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31492 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31493 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31494 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31495 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31496 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31497 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31498 | 2021-06-15 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31499 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31500 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31501 | 2021-06-15 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31502 | 2021-06-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2020-5000 | 2021-06-15 | IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-32683 | 2021-06-15 | XSS through createObjectURL |
| CVE-2021-23395 | 2021-06-15 | Prototype Pollution |
| CVE-2021-27388 | 2021-06-15 | SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution... |
| CVE-2020-29214 | 2021-06-15 | SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. |
| CVE-2020-29215 | 2021-06-15 | A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account. |
| CVE-2021-30544 | 2021-06-15 | Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30545 | 2021-06-15 | Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2021-30546 | 2021-06-15 | Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30547 | 2021-06-15 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2021-30548 | 2021-06-15 | Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30549 | 2021-06-15 | Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2021-30550 | 2021-06-15 | Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30551 | 2021-06-15 | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30552 | 2021-06-15 | Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30553 | 2021-06-15 | Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-28858 | 2021-06-15 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. |
| CVE-2021-28857 | 2021-06-15 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. |
| CVE-2021-24037 | 2021-06-15 | A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only... |
| CVE-2021-32623 | 2021-06-15 | Opencast vulnerable to billion laughs attack (XML bomb) |
| CVE-2021-32676 | 2021-06-16 | Session Fixation in Nextcloud Talk |
| CVE-2021-32685 | 2021-06-16 | Improper Verification of Cryptographic Signature in tenvoy |
| CVE-2021-3535 | 2021-06-16 | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could... |
| CVE-2021-28815 | 2021-06-16 | Insecure Storage of Sensitive Information in myQNAPcloud Link |
| CVE-2020-9493 | 2021-06-16 | Java deserialization in Chainsaw |
| CVE-2021-21441 | 2021-06-16 | XSS in the ticket overview screens |
| CVE-2021-20093 | 2021-06-16 | A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. |
| CVE-2021-20094 | 2021-06-16 | A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. |
| CVE-2021-33813 | 2021-06-16 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. |
| CVE-2021-28979 | 2021-06-16 | SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split... |
| CVE-2021-32033 | 2021-06-16 | Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be... |
| CVE-2021-32612 | 2021-06-16 | The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and... |
| CVE-2021-34683 | 2021-06-16 | An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in... |
| CVE-2021-27489 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. |
| CVE-2021-27481 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access... |
| CVE-2021-27487 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. |
| CVE-2021-30468 | 2021-06-16 | Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter |
| CVE-2021-27479 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege... |
| CVE-2021-27485 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web... |
| CVE-2021-27483 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. |
| CVE-2021-32928 | 2021-06-16 | The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While... |
| CVE-2021-31857 | 2021-06-16 | In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. |
| CVE-2021-31159 | 2021-06-16 | Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. |
| CVE-2021-22914 | 2021-06-16 | Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be... |
| CVE-2020-8300 | 2021-06-16 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal... |
| CVE-2020-8299 | 2021-06-16 | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled... |
| CVE-2021-21667 | 2021-06-16 | Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. |
| CVE-2021-21668 | 2021-06-16 | Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. |
| CVE-2021-34801 | 2021-06-16 | Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. |
| CVE-2021-27610 | 2021-06-16 | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC... |
| CVE-2021-34803 | 2021-06-16 | TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. |
| CVE-2020-22198 | 2021-06-16 | SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. |
| CVE-2020-27339 | 2021-06-16 | In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory.... |
| CVE-2020-20444 | 2021-06-16 | Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE... |
| CVE-2020-24939 | 2021-06-16 | Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. |
| CVE-2020-35762 | 2021-06-16 | bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. |
| CVE-2020-35761 | 2021-06-16 | bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. |
| CVE-2020-35760 | 2021-06-16 | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). |