CVE List - 2021 / April
Showing 401 - 500 of 1817 CVEs for April 2021 (Page 5 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-30147 | 2021-04-07 | DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. |
| CVE-2021-20684 | 2021-04-07 | Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20685 | 2021-04-07 | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20686 | 2021-04-07 | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20687 | 2021-04-07 | Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2021-20688 | 2021-04-07 | Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20689 | 2021-04-07 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20690 | 2021-04-07 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20691 | 2021-04-07 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20692 | 2021-04-07 | Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives. |
| CVE-2020-11191 | 2021-04-07 | Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2020-11210 | 2021-04-07 | Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking |
| CVE-2020-11231 | 2021-04-07 | Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2020-11234 | 2021-04-07 | When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in... |
| CVE-2020-11236 | 2021-04-07 | Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2020-11237 | 2021-04-07 | Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2020-11242 | 2021-04-07 | User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2020-11243 | 2021-04-07 | RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2020-11245 | 2021-04-07 | Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-11246 | 2021-04-07 | A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11247 | 2021-04-07 | Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... |
| CVE-2020-11251 | 2021-04-07 | Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11252 | 2021-04-07 | Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11255 | 2021-04-07 | Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto,... |
| CVE-2021-1892 | 2021-04-07 | Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking |
| CVE-2021-26709 | 2021-04-07 | D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE:... |
| CVE-2021-30177 | 2021-04-07 | There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be... |
| CVE-2020-36314 | 2021-04-07 | fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is... |
| CVE-2021-30184 | 2021-04-07 | GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary... |
| CVE-2021-30185 | 2021-04-07 | CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. |
| CVE-2021-21639 | 2021-04-07 | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node,... |
| CVE-2021-21640 | 2021-04-07 | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with... |
| CVE-2021-21641 | 2021-04-07 | A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. |
| CVE-2021-28927 | 2021-04-07 | The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that... |
| CVE-2020-25584 | 2021-04-07 | In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the... |
| CVE-2021-29627 | 2021-04-07 | In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string.... |
| CVE-2021-29626 | 2021-04-07 | In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings... |
| CVE-2020-24138 | 2021-04-07 | Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. |
| CVE-2020-24136 | 2021-04-07 | Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. |
| CVE-2020-24135 | 2021-04-07 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. |
| CVE-2020-24139 | 2021-04-07 | Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help... |
| CVE-2020-24140 | 2021-04-07 | Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help... |
| CVE-2020-24137 | 2021-04-07 | Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. |
| CVE-2021-21425 | 2021-04-07 | Unauthenticated Arbitrary YAML Write/Update leads to Code Execution |
| CVE-2021-28166 | 2021-04-07 | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would... |
| CVE-2021-30123 | 2021-04-07 | FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. |
| CVE-2013-1054 | 2021-04-07 | Possible remote DOS in WebApps |
| CVE-2013-1055 | 2021-04-07 | Potential DoS through abuse of rate limit in libunity-webapps for Firefox |
| CVE-2020-36316 | 2021-04-07 | In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. |
| CVE-2020-36315 | 2021-04-07 | In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a... |
| CVE-2021-30246 | 2021-04-07 | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack. |
| CVE-2021-26758 | 2021-04-07 | Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. |
| CVE-2021-30456 | 2021-04-07 | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. |
| CVE-2021-30457 | 2021-04-07 | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. |
| CVE-2021-30455 | 2021-04-07 | An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic. |
| CVE-2021-30454 | 2021-04-07 | An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader. |
| CVE-2021-29641 | 2021-04-07 | Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload... |
| CVE-2021-29154 | 2021-04-08 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. |
| CVE-2021-28174 | 2021-04-08 | Mitake Smart Stock Selection System - Broken Authentication |
| CVE-2021-1137 | 2021-04-08 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1251 | 2021-04-08 | Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-1308 | 2021-04-08 | Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-1309 | 2021-04-08 | Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-1362 | 2021-04-08 | Cisco Unified Communications Products Remote Code Execution Vulnerability |
| CVE-2021-1380 | 2021-04-08 | Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities |
| CVE-2021-1386 | 2021-04-08 | Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability |
| CVE-2021-1399 | 2021-04-08 | Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability |
| CVE-2021-1406 | 2021-04-08 | Cisco Unified Communications Manager Information Disclosure Vulnerability |
| CVE-2021-1407 | 2021-04-08 | Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities |
| CVE-2021-1408 | 2021-04-08 | Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities |
| CVE-2021-1409 | 2021-04-08 | Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities |
| CVE-2021-1413 | 2021-04-08 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities |
| CVE-2021-1414 | 2021-04-08 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities |
| CVE-2021-1415 | 2021-04-08 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities |
| CVE-2021-1420 | 2021-04-08 | Cisco Webex Meetings HTML Injection Vulnerability |
| CVE-2021-1459 | 2021-04-08 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability |
| CVE-2021-1463 | 2021-04-08 | Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability |
| CVE-2021-1467 | 2021-04-08 | Cisco Webex Meetings for Android Avatar Modification Vulnerability |
| CVE-2021-1472 | 2021-04-08 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2021-1473 | 2021-04-08 | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2021-1474 | 2021-04-08 | Cisco Umbrella Link and CSV Formula Injection Vulnerabilities |
| CVE-2021-1475 | 2021-04-08 | Cisco Umbrella Link and CSV Formula Injection Vulnerabilities |
| CVE-2021-1479 | 2021-04-08 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1480 | 2021-04-08 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1485 | 2021-04-08 | Cisco IOS XR Software Command Injection Vulnerability |
| CVE-2021-1252 | 2021-04-08 | Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability |
| CVE-2021-1405 | 2021-04-08 | Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability |
| CVE-2021-1404 | 2021-04-08 | Clam AntiVirus (ClamAV) Email Parser Denial of Service Vulnerability |
| CVE-2021-3012 | 2021-04-08 | A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute... |
| CVE-2021-28685 | 2021-04-08 | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into... |
| CVE-2021-28686 | 2021-04-08 | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a... |
| CVE-2021-30114 | 2021-04-08 | Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the... |
| CVE-2021-30113 | 2021-04-08 | A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored... |
| CVE-2021-30112 | 2021-04-08 | Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF... |
| CVE-2021-30111 | 2021-04-08 | A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be... |
| CVE-2021-20480 | 2021-04-08 | IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to... |
| CVE-2021-28925 | 2021-04-08 | SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. |
| CVE-2021-28924 | 2021-04-08 | Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. |
| CVE-2021-30463 | 2021-04-08 | VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the... |
| CVE-2021-30462 | 2021-04-08 | VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. |