CVE List - 2021 / March
Showing 601 - 700 of 1447 CVEs for March 2021 (Page 7 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36282 | 2021-03-12 | JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. |
| CVE-2021-20674 | 2021-03-12 | Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified... |
| CVE-2021-27647 | 2021-03-12 | Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. |
| CVE-2021-26569 | 2021-03-12 | Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. |
| CVE-2021-27646 | 2021-03-12 | Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. |
| CVE-2021-28308 | 2021-03-12 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation. |
| CVE-2021-28307 | 2021-03-12 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. |
| CVE-2021-28306 | 2021-03-12 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is... |
| CVE-2021-28305 | 2021-03-12 | An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. |
| CVE-2021-28302 | 2021-03-12 | A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space... |
| CVE-2021-23354 | 2021-03-12 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-21367 | 2021-03-12 | Incorrect Authorization in switchboard-plug-bluetooth |
| CVE-2020-4831 | 2021-03-12 | IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. |
| CVE-2021-21368 | 2021-03-12 | Prototype poisoning |
| CVE-2021-21379 | 2021-03-12 | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro |
| CVE-2021-21726 | 2021-03-12 | Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause... |
| CVE-2021-21079 | 2021-03-12 | Adobe Connect Reflected Cross-site Scripting via archiveOffset parameter |
| CVE-2021-21072 | 2021-03-12 | Adobe Animate out-of-bounds read vulnerability |
| CVE-2021-21073 | 2021-03-12 | Adobe Animate out-of-bounds read vulnerability |
| CVE-2021-21069 | 2021-03-12 | Adobe Creative Cloud Privilege Escalation Vulnerability |
| CVE-2021-21077 | 2021-03-12 | Adobe Animate heap-based overflow vulnerability |
| CVE-2021-21068 | 2021-03-12 | Adobe Creative Cloud installer arbitrary file overwrite vulnerability |
| CVE-2021-21076 | 2021-03-12 | Adobe Animate out-of-bounds read vulnerability |
| CVE-2021-21080 | 2021-03-12 | Adobe Connect Reflected Cross-site Scripting via query parameter |
| CVE-2021-21075 | 2021-03-12 | Adobe Animate out-of-bounds read vulnerability |
| CVE-2021-21067 | 2021-03-12 | Adobe Photoshop CoolType arbitrary stack manipulation in Type 1/Multiple Master |
| CVE-2021-21071 | 2021-03-12 | Adobe Animate memory corruption vulnerability |
| CVE-2021-21085 | 2021-03-12 | Adobe Connect CSV injection via export feature could lead to code execution |
| CVE-2021-21056 | 2021-03-12 | Adobe FrameMaker Out-of-Bounds Read Vulnerability Could Lead To Remote Code Execution |
| CVE-2021-21074 | 2021-03-12 | Adobe Animate out-of-bounds read vulnerability |
| CVE-2021-21078 | 2021-03-12 | Adobe Creative Cloud Unquoted Service Path in CCXProcess |
| CVE-2021-21082 | 2021-03-12 | Adobe Photoshop Memory Corruption |
| CVE-2021-20231 | 2021-03-12 | A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. |
| CVE-2021-20232 | 2021-03-12 | A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |
| CVE-2021-21518 | 2021-03-12 | Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL... |
| CVE-2021-28092 | 2021-03-12 | The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg... |
| CVE-2021-28161 | 2021-03-12 | In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected. |
| CVE-2021-28162 | 2021-03-12 | In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run. |
| CVE-2021-27290 | 2021-03-12 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading... |
| CVE-2021-20017 | 2021-03-13 | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. |
| CVE-2021-20018 | 2021-03-13 | A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. |
| CVE-2020-35682 | 2021-03-13 | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). |
| CVE-2021-28361 | 2021-03-13 | An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the... |
| CVE-2021-28373 | 2021-03-13 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected... |
| CVE-2021-28363 | 2021-03-15 | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext... |
| CVE-2021-28375 | 2021-03-15 | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue... |
| CVE-2021-28374 | 2021-03-15 | The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password... |
| CVE-2021-28378 | 2021-03-15 | Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. |
| CVE-2021-28379 | 2021-03-15 | web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. |
| CVE-2021-27576 | 2021-03-15 | Apache OpenMeetings: bandwidth can be overloaded with public web service |
| CVE-2020-35358 | 2021-03-15 | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do... |
| CVE-2021-20179 | 2021-03-15 | A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as... |
| CVE-2021-27208 | 2021-03-15 | When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter... |
| CVE-2021-27893 | 2021-03-15 | SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. |
| CVE-2021-27891 | 2021-03-15 | SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. |
| CVE-2021-27892 | 2021-03-15 | SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. |
| CVE-2021-26923 | 2021-03-15 | An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. |
| CVE-2021-26924 | 2021-03-15 | An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. |
| CVE-2021-3167 | 2021-03-15 | In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. |
| CVE-2020-4184 | 2021-03-15 | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.... |
| CVE-2021-20440 | 2021-03-15 | IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by... |
| CVE-2021-27695 | 2021-03-15 | Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor,... |
| CVE-2021-23356 | 2021-03-15 | Arbitrary Command Injection |
| CVE-2021-23355 | 2021-03-15 | Arbitrary Command Injection |
| CVE-2020-24877 | 2021-03-15 | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. |
| CVE-2021-27817 | 2021-03-15 | A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar... |
| CVE-2021-23357 | 2021-03-15 | Directory Traversal |
| CVE-2021-27889 | 2021-03-15 | Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. |
| CVE-2020-25236 | 2021-03-15 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All... |
| CVE-2020-25239 | 2021-03-15 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the... |
| CVE-2020-25240 | 2021-03-15 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and... |
| CVE-2020-25241 | 2021-03-15 | A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming... |
| CVE-2020-28385 | 2021-03-15 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing... |
| CVE-2020-28387 | 2021-03-15 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could... |
| CVE-2021-25667 | 2021-03-15 | A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3... |
| CVE-2021-25672 | 2021-03-15 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over... |
| CVE-2021-25673 | 2021-03-15 | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is... |
| CVE-2021-25674 | 2021-03-15 | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is... |
| CVE-2021-25675 | 2021-03-15 | A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is... |
| CVE-2021-25676 | 2021-03-15 | A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could... |
| CVE-2021-27380 | 2021-03-15 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing... |
| CVE-2021-27381 | 2021-03-15 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing... |
| CVE-2021-27890 | 2021-03-15 | SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files. |
| CVE-2021-27946 | 2021-03-15 | SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). |
| CVE-2021-27947 | 2021-03-15 | SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). |
| CVE-2021-27948 | 2021-03-15 | SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). |
| CVE-2021-27949 | 2021-03-15 | Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. |
| CVE-2020-28149 | 2021-03-15 | myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. |
| CVE-2021-20286 | 2021-03-15 | A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service. |
| CVE-2020-24982 | 2021-03-15 | An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated... |
| CVE-2021-22191 | 2021-03-15 | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file. |
| CVE-2020-24985 | 2021-03-15 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter... |
| CVE-2020-29556 | 2021-03-15 | The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also... |
| CVE-2020-29555 | 2021-03-15 | The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be... |
| CVE-2020-29553 | 2021-03-15 | The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). |
| CVE-2021-23879 | 2021-03-15 | Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and ... |
| CVE-2021-3150 | 2021-03-15 | A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name.... |
| CVE-2021-24029 | 2021-03-15 | A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this... |
| CVE-2021-3418 | 2021-03-15 | If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was... |
| CVE-2020-27278 | 2021-03-15 | In Hamilton Medical AG T1 Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device's configuration interface. |