CVE List - 2021 / June
Showing 1601 - 1691 of 1691 CVEs for June 2021 (Page 17 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-20101 | 2021-06-29 | Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content. |
| CVE-2021-20102 | 2021-06-29 | Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. |
| CVE-2021-20103 | 2021-06-29 | Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. |
| CVE-2021-20104 | 2021-06-29 | Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. |
| CVE-2021-20105 | 2021-06-29 | Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter. |
| CVE-2021-20477 | 2021-06-29 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-20490 | 2021-06-29 | IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. |
| CVE-2021-20580 | 2021-06-29 | IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2021-22119 | 2021-06-29 | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation... |
| CVE-2020-21394 | 2021-06-29 | SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. |
| CVE-2021-23275 | 2021-06-29 | TIBCO Spotfire Windows Platform Installation vulnerability |
| CVE-2021-28830 | 2021-06-29 | TIBCO Spotfire Windows Platform Artifact Search vulnerability |
| CVE-2020-18066 | 2021-06-29 | Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. |
| CVE-2021-29480 | 2021-06-29 | Default client side session signing key is highly predictable |
| CVE-2021-20079 | 2021-06-29 | Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to... |
| CVE-2021-29481 | 2021-06-29 | Client side sessions should not allow unencrypted storage |
| CVE-2021-29485 | 2021-06-29 | Remote Code Execution Vulnerability in Session Storage |
| CVE-2021-22439 | 2021-06-29 | There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious... |
| CVE-2021-32721 | 2021-06-29 | URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux |
| CVE-2021-22340 | 2021-06-29 | There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit... |
| CVE-2021-22338 | 2021-06-29 | There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to... |
| CVE-2021-22329 | 2021-06-29 | There is a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to... |
| CVE-2021-22341 | 2021-06-29 | There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This... |
| CVE-2021-35941 | 2021-06-29 | Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication,... |
| CVE-2021-35958 | 2021-06-30 | TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for... |
| CVE-2021-35959 | 2021-06-30 | In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. |
| CVE-2021-32566 | 2021-06-30 | Specific sequence of HTTP/2 frames can cause ATS to crash |
| CVE-2021-32567 | 2021-06-30 | Reading HTTP/2 frames too many times |
| CVE-2021-35474 | 2021-06-30 | Dynamic stack buffer overflow in cachekey plugin |
| CVE-2021-25321 | 2021-06-30 | arpwatch: Local privilege escalation from runtime user to root |
| CVE-2019-18906 | 2021-06-30 | cryptctl: client side password hashing is equivalent to clear text password storage |
| CVE-2021-34373 | 2021-06-30 | Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and... |
| CVE-2021-34374 | 2021-06-30 | Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of... |
| CVE-2021-34375 | 2021-06-30 | Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of... |
| CVE-2021-34376 | 2021-06-30 | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead... |
| CVE-2021-34377 | 2021-06-30 | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead... |
| CVE-2021-34378 | 2021-06-30 | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead... |
| CVE-2021-34379 | 2021-06-30 | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead... |
| CVE-2021-34380 | 2021-06-30 | Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information... |
| CVE-2021-34381 | 2021-06-30 | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem... |
| CVE-2021-34382 | 2021-06-30 | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow,... |
| CVE-2021-34383 | 2021-06-30 | Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. |
| CVE-2021-34384 | 2021-06-30 | Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. |
| CVE-2021-34385 | 2021-06-30 | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. |
| CVE-2021-28692 | 2021-06-30 | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen,... |
| CVE-2021-28693 | 2021-06-30 | xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To... |
| CVE-2021-30648 | 2021-06-30 | The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration... |
| CVE-2021-31721 | 2021-06-30 | Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. |
| CVE-2021-25951 | 2021-06-30 | XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. |
| CVE-2021-35956 | 2021-06-30 | Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and... |
| CVE-2021-27902 | 2021-06-30 | An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. |
| CVE-2021-27903 | 2021-06-30 | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker... |
| CVE-2021-28993 | 2021-06-30 | Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). |
| CVE-2021-20107 | 2021-06-30 | There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure... |
| CVE-2021-20461 | 2021-06-30 | IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the... |
| CVE-2021-3630 | 2021-06-30 | An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions... |
| CVE-2021-22380 | 2021-06-30 | There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. |
| CVE-2021-22326 | 2021-06-30 | A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. |
| CVE-2021-22375 | 2021-06-30 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. |
| CVE-2021-22370 | 2021-06-30 | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22372 | 2021-06-30 | There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22376 | 2021-06-30 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. |
| CVE-2021-22373 | 2021-06-30 | There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. |
| CVE-2021-35970 | 2021-06-30 | Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. |
| CVE-2021-35971 | 2021-06-30 | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. |
| CVE-2021-35973 | 2021-06-30 | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP... |
| CVE-2021-22374 | 2021-06-30 | There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. |
| CVE-2021-22369 | 2021-06-30 | There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. |
| CVE-2021-22323 | 2021-06-30 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. |
| CVE-2021-22371 | 2021-06-30 | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-21670 | 2021-06-30 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not... |
| CVE-2021-21671 | 2021-06-30 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. |
| CVE-2021-21672 | 2021-06-30 | Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-21673 | 2021-06-30 | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2021-21674 | 2021-06-30 | A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. |
| CVE-2021-21675 | 2021-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. |
| CVE-2021-21676 | 2021-06-30 | Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. |
| CVE-2021-22353 | 2021-06-30 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. |
| CVE-2021-22354 | 2021-06-30 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| CVE-2021-22368 | 2021-06-30 | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. |
| CVE-2021-32736 | 2021-06-30 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper |
| CVE-2021-22367 | 2021-06-30 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. |
| CVE-2021-34075 | 2021-06-30 | In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. |
| CVE-2021-22350 | 2021-06-30 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. |
| CVE-2021-22351 | 2021-06-30 | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions. |
| CVE-2021-22352 | 2021-06-30 | There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious... |
| CVE-2021-22349 | 2021-06-30 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. |
| CVE-2021-22348 | 2021-06-30 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. |
| CVE-2021-22346 | 2021-06-30 | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. |
| CVE-2021-22345 | 2021-06-30 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. |
| CVE-2020-36194 | 2021-07-01 | XSS Vulnerability in QTS and QuTS hero; Command Injection Vulnerabilities in QTS and QuTS hero |
| CVE-2020-36196 | 2021-07-01 | Stored XSS Vulnerability in QuLog Center |
| CVE-2021-28802 | 2021-07-01 | Command Injection Vulnerabilities in QTS and QuTS hero |
| CVE-2021-28803 | 2021-07-01 | Stored XSS Vulnerability in Q'center |
| CVE-2021-28804 | 2021-07-01 | Command Injection Vulnerabilities in QTS and QuTS hero |
| CVE-2021-36080 | 2021-07-01 | GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). |
| CVE-2021-36081 | 2021-07-01 | Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. |
| CVE-2021-36082 | 2021-07-01 | ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. |
| CVE-2021-36083 | 2021-07-01 | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. |
| CVE-2021-36084 | 2021-07-01 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). |