CVE List - 2021 / June
Showing 601 - 700 of 1691 CVEs for June 2021 (Page 7 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0108 | 2021-06-09 | Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2021-0102 | 2021-06-09 | Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2021-0056 | 2021-06-09 | Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-0057 | 2021-06-09 | Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-0058 | 2021-06-09 | Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-0094 | 2021-06-09 | Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2021-0073 | 2021-06-09 | Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0090 | 2021-06-09 | Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2021-0067 | 2021-06-09 | Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0054 | 2021-06-09 | Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0086 | 2021-06-09 | Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2021-0089 | 2021-06-09 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2021-0077 | 2021-06-09 | Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0133 | 2021-06-09 | Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2021-0132 | 2021-06-09 | Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via... |
| CVE-2021-0131 | 2021-06-09 | Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via... |
| CVE-2021-0134 | 2021-06-09 | Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. |
| CVE-2021-0074 | 2021-06-09 | Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0052 | 2021-06-09 | Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2021-0100 | 2021-06-09 | Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-0106 | 2021-06-09 | Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2021-0104 | 2021-06-09 | Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of... |
| CVE-2021-0129 | 2021-06-09 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2020-24489 | 2021-06-09 | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-33393 | 2021-06-09 | lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install... |
| CVE-2021-3588 | 2021-06-10 | memory contents disclosure in cli_feat_read_cb |
| CVE-2019-17567 | 2021-06-10 | mod_proxy_wstunnel tunneling of non Upgraded connections |
| CVE-2020-13938 | 2021-06-10 | Improper Handling of Insufficient Privileges |
| CVE-2020-13950 | 2021-06-10 | mod_proxy_http NULL pointer dereference |
| CVE-2020-35452 | 2021-06-10 | mod_auth_digest possible stack overflow by one nul byte |
| CVE-2021-26690 | 2021-06-10 | mod_session NULL pointer dereference |
| CVE-2021-26691 | 2021-06-10 | Apache HTTP Server mod_session response handling heap overflow |
| CVE-2021-30641 | 2021-06-10 | Unexpected URL matching with 'MergeSlashes OFF' |
| CVE-2021-34363 | 2021-06-10 | The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. |
| CVE-2021-34539 | 2021-06-10 | An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is... |
| CVE-2021-20081 | 2021-06-10 | Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. |
| CVE-2021-20293 | 2021-06-10 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without... |
| CVE-2021-21735 | 2021-06-10 | A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through... |
| CVE-2021-31998 | 2021-06-10 | inn: %post calls user owned file allowing local privilege escalation to root |
| CVE-2021-21736 | 2021-06-10 | A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing... |
| CVE-2021-31997 | 2021-06-10 | python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root |
| CVE-2019-25046 | 2021-06-10 | The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. |
| CVE-2021-25322 | 2021-06-10 | python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root |
| CVE-2021-25948 | 2021-06-10 | Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-25949 | 2021-06-10 | Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-3039 | 2021-06-10 | Prisma Cloud Compute: User role authorization secret for Console leaked through log file export |
| CVE-2021-3040 | 2021-06-10 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution |
| CVE-2021-3041 | 2021-06-10 | Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation |
| CVE-2021-31929 | 2021-06-10 | Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. |
| CVE-2021-34547 | 2021-06-10 | PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. |
| CVE-2021-31928 | 2021-06-10 | Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. |
| CVE-2020-24662 | 2021-06-10 | SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. |
| CVE-2021-31658 | 2021-06-10 | TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received... |
| CVE-2021-21661 | 2021-06-10 | Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2021-21662 | 2021-06-10 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2021-21663 | 2021-06-10 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through... |
| CVE-2021-21664 | 2021-06-10 | An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained... |
| CVE-2021-21665 | 2021-06-10 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another... |
| CVE-2021-21666 | 2021-06-10 | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2021-31659 | 2021-06-10 | TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information.... |
| CVE-2021-23024 | 2021-06-10 | On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have... |
| CVE-2021-23023 | 2021-06-10 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which... |
| CVE-2021-34555 | 2021-06-10 | OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. |
| CVE-2021-31927 | 2021-06-10 | An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and... |
| CVE-2021-31538 | 2021-06-10 | LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. |
| CVE-2021-34546 | 2021-06-10 | An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able... |
| CVE-2021-23022 | 2021-06-10 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which... |
| CVE-2020-24668 | 2021-06-10 | Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. |
| CVE-2020-24663 | 2021-06-10 | Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. |
| CVE-2020-24671 | 2021-06-10 | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. |
| CVE-2020-24667 | 2021-06-10 | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. |
| CVE-2021-33031 | 2021-06-10 | In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain... |
| CVE-2021-27347 | 2021-06-10 | Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. |
| CVE-2020-25467 | 2021-06-10 | A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. |
| CVE-2021-27345 | 2021-06-10 | A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. |
| CVE-2021-34557 | 2021-06-10 | XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication... |
| CVE-2021-31839 | 2021-06-10 | Incorrect permissions on McAfee Agent for Windows event folder |
| CVE-2021-31840 | 2021-06-10 | DLL preload vulnerability in McAfee Agent for Windows |
| CVE-2021-20329 | 2021-06-10 | Specific cstrings input may not be properly validated in the Go Driver |
| CVE-2020-23302 | 2021-06-10 | There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 |
| CVE-2020-23303 | 2021-06-10 | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. |
| CVE-2020-23306 | 2021-06-10 | There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. |
| CVE-2020-23308 | 2021-06-10 | There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. |
| CVE-2020-23309 | 2021-06-10 | There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. |
| CVE-2020-23310 | 2021-06-10 | There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. |
| CVE-2020-23311 | 2021-06-10 | There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. |
| CVE-2020-23312 | 2021-06-10 | There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. |
| CVE-2020-23313 | 2021-06-10 | There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 |
| CVE-2020-23314 | 2021-06-10 | There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. |
| CVE-2020-23319 | 2021-06-10 | There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. |
| CVE-2020-23320 | 2021-06-10 | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. |
| CVE-2020-23321 | 2021-06-10 | There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. |
| CVE-2020-23322 | 2021-06-10 | There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. |
| CVE-2020-23323 | 2021-06-10 | There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. |
| CVE-2021-26194 | 2021-06-10 | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file. |
| CVE-2021-26195 | 2021-06-10 | An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. |
| CVE-2021-26197 | 2021-06-10 | An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file. |
| CVE-2021-26198 | 2021-06-10 | An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in ecma-helpers.c file. |
| CVE-2021-26199 | 2021-06-10 | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file. |
| CVE-2021-23393 | 2021-06-10 | Open Redirect |