CVE List - 2021 / June
Showing 101 - 200 of 1691 CVEs for June 2021 (Page 2 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-3538 | 2021-06-02 | A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. |
| CVE-2021-3544 | 2021-06-02 | Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper... |
| CVE-2021-3545 | 2021-06-02 | An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and... |
| CVE-2021-3546 | 2021-06-02 | An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command... |
| CVE-2017-8761 | 2021-06-02 | In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All... |
| CVE-2018-10195 | 2021-06-02 | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. |
| CVE-2019-12067 | 2021-06-02 | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. |
| CVE-2021-26707 | 2021-06-02 | The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in... |
| CVE-2021-28675 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead... |
| CVE-2021-3530 | 2021-06-02 | A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to... |
| CVE-2021-3522 | 2021-06-02 | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. |
| CVE-2021-3468 | 2021-06-02 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not... |
| CVE-2020-22046 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
| CVE-2021-25287 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
| CVE-2021-25288 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
| CVE-2021-28678 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a... |
| CVE-2021-28677 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings.... |
| CVE-2020-27661 | 2021-06-02 | A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process... |
| CVE-2020-24870 | 2021-06-02 | Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. |
| CVE-2021-31921 | 2021-06-02 | Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is... |
| CVE-2020-22048 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. |
| CVE-2020-22049 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. |
| CVE-2021-3499 | 2021-06-02 | A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there are multiple DNS rules.... |
| CVE-2020-6950 | 2021-06-02 | Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. |
| CVE-2009-0947 | 2021-06-02 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. |
| CVE-2009-0948 | 2021-06-02 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat functions in file before 5.02. |
| CVE-2020-22051 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. |
| CVE-2021-3529 | 2021-06-02 | A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between... |
| CVE-2011-3656 | 2021-06-02 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default... |
| CVE-2015-1877 | 2021-06-02 | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a... |
| CVE-2020-24862 | 2021-06-02 | The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers... |
| CVE-2020-25362 | 2021-06-02 | The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve... |
| CVE-2020-22054 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. |
| CVE-2020-22056 | 2021-06-02 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. |
| CVE-2021-32625 | 2021-06-02 | Redis vulnerability in STRALGO LCS on 32-bit systems |
| CVE-2020-4495 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API,... |
| CVE-2020-4732 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126. |
| CVE-2020-4977 | 2021-06-02 | IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-5030 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20338 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20343 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-20345 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-20346 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-20347 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-20348 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-20371 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used... |
| CVE-2021-29668 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-29670 | 2021-06-02 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-35441 | 2021-06-02 | FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. |
| CVE-2020-35442 | 2021-06-02 | FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php. |
| CVE-2021-33815 | 2021-06-03 | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. |
| CVE-2021-28806 | 2021-06-03 | DOM-Based XSS Vulnerability in QTS and QuTS hero |
| CVE-2021-28807 | 2021-06-03 | Post-Authentication Reflected XSS Vulnerability in Q'center |
| CVE-2021-28812 | 2021-06-03 | Command Injection Vulnerability in Video Station |
| CVE-2021-31831 | 2021-06-03 | Incorrect access to deleted scripts vulnerability in McAfee DBSec |
| CVE-2021-31830 | 2021-06-03 | Cross site Scripting (XSS) vulnerability in McAfee DBSec |
| CVE-2021-22130 | 2021-06-03 | A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform... |
| CVE-2021-24023 | 2021-06-03 | An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. |
| CVE-2021-32460 | 2021-06-03 | The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on... |
| CVE-2021-32923 | 2021-06-03 | HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be... |
| CVE-2021-28847 | 2021-06-03 | MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in... |
| CVE-2021-26584 | 2021-06-03 | A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in... |
| CVE-2021-3569 | 2021-06-03 | A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access)... |
| CVE-2021-28848 | 2021-06-03 | Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results... |
| CVE-2021-33806 | 2021-06-03 | The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. |
| CVE-2021-32926 | 2021-06-03 | When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an... |
| CVE-2020-21005 | 2021-06-03 | WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user... |
| CVE-2020-21003 | 2021-06-03 | Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. |
| CVE-2021-20380 | 2021-06-03 | IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could... |
| CVE-2020-28469 | 2021-06-03 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-22308 | 2021-06-03 | There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system... |
| CVE-2021-22313 | 2021-06-03 | There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. |
| CVE-2021-22317 | 2021-06-03 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. |
| CVE-2021-22316 | 2021-06-03 | There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability... |
| CVE-2021-22322 | 2021-06-03 | There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. |
| CVE-2021-22325 | 2021-06-03 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission. |
| CVE-2021-22324 | 2021-06-03 | There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. |
| CVE-2021-22336 | 2021-06-03 | There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. |
| CVE-2021-32660 | 2021-06-03 | TechDocs content sanitization bypass |
| CVE-2021-32661 | 2021-06-03 | TechDocs object element script injection |
| CVE-2021-22333 | 2021-06-03 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions. |
| CVE-2021-22337 | 2021-06-03 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data. |
| CVE-2021-22335 | 2021-06-03 | There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing. |
| CVE-2021-22334 | 2021-06-03 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections. |
| CVE-2021-3469 | 2021-06-03 | Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate authority (CA)... |
| CVE-2021-25947 | 2021-06-03 | Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2019-14584 | 2021-06-03 | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-35973 | 2021-06-03 | An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. |
| CVE-2020-35972 | 2021-06-03 | An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. |
| CVE-2020-35971 | 2021-06-03 | A stored XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and carry out malicious XSS attacks on the /admin/system_manage/user_config_edit.html page. |
| CVE-2020-35970 | 2021-06-03 | An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read. |
| CVE-2021-32665 | 2021-06-03 | Verified groups not reliable |
| CVE-2021-32666 | 2021-06-03 | Asset DoS vulnerability |
| CVE-2021-32662 | 2021-06-03 | TechDocs mkdocs.yml path traversal |
| CVE-2020-36004 | 2021-06-03 | AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information. |
| CVE-2020-36005 | 2021-06-03 | AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. |
| CVE-2020-36006 | 2021-06-03 | AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. |
| CVE-2020-36007 | 2021-06-03 | AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users. |
| CVE-2020-36008 | 2021-06-03 | OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability. |
| CVE-2020-36009 | 2021-06-03 | OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability. |