CVE List - 2021 / April
Showing 1701 - 1800 of 1817 CVEs for April 2021 (Page 18 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-30230 | 2021-04-29 | The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. |
| CVE-2021-30231 | 2021-04-29 | The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable... |
| CVE-2021-30232 | 2021-04-29 | The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. |
| CVE-2021-30233 | 2021-04-29 | The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. |
| CVE-2021-30234 | 2021-04-29 | The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. |
| CVE-2021-30048 | 2021-04-29 | Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. |
| CVE-2020-35430 | 2021-04-29 | SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. |
| CVE-2020-21452 | 2021-04-29 | An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload |
| CVE-2021-31417 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-31418 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-31419 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-31420 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-31421 | 2021-04-29 | This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-31422 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2021-31423 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-31424 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-31425 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-31426 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2021-31427 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-31428 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2021-31429 | 2021-04-29 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2021-31430 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-31431 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-31432 | 2021-04-29 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-31433 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31434 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31435 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31436 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31437 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31438 | 2021-04-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-21415 | 2021-04-29 | Visual Studio Code Prisma Extension Remote Code Execution Vulnerability |
| CVE-2020-21101 | 2021-04-29 | Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute... |
| CVE-2021-21417 | 2021-04-29 | Use after free in fluidsynth |
| CVE-2021-1402 | 2021-04-29 | Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability |
| CVE-2020-18032 | 2021-04-29 | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading... |
| CVE-2021-21388 | 2021-04-29 | Command Injection Vulnerability in systeminformation |
| CVE-2021-1256 | 2021-04-29 | Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability |
| CVE-2021-1369 | 2021-04-29 | Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability |
| CVE-2021-1445 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities |
| CVE-2021-1448 | 2021-04-29 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2021-1455 | 2021-04-29 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2021-1456 | 2021-04-29 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2021-1457 | 2021-04-29 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2021-1458 | 2021-04-29 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2021-1476 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2021-1477 | 2021-04-29 | Cisco Firepower Management Center Software Policy Vulnerability |
| CVE-2021-1488 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability |
| CVE-2021-1489 | 2021-04-29 | Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability |
| CVE-2021-1493 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability |
| CVE-2021-1495 | 2021-04-29 | Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability |
| CVE-2021-1501 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability |
| CVE-2021-1504 | 2021-04-29 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities |
| CVE-2020-22807 | 2021-04-29 | An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. |
| CVE-2020-22808 | 2021-04-29 | An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page. |
| CVE-2021-1080 | 2021-04-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data,... |
| CVE-2021-1081 | 2021-04-29 | NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to... |
| CVE-2021-1082 | 2021-04-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data,... |
| CVE-2021-1083 | 2021-04-29 | NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to... |
| CVE-2021-1084 | 2021-04-29 | NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to... |
| CVE-2021-1085 | 2021-04-29 | NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after... |
| CVE-2021-1086 | 2021-04-29 | NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or... |
| CVE-2021-1087 | 2021-04-29 | NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization... |
| CVE-2021-29484 | 2021-04-29 | DOM XSS in Theme Preview |
| CVE-2021-29468 | 2021-04-29 | Arbitrary code execution when checking out an attacker-controlled Git branch |
| CVE-2020-18035 | 2021-04-29 | Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". |
| CVE-2020-18070 | 2021-04-29 | Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". |
| CVE-2021-29463 | 2021-04-30 | Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata |
| CVE-2021-29464 | 2021-04-30 | Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header |
| CVE-2021-31873 | 2021-04-30 | An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. |
| CVE-2021-31919 | 2021-04-30 | An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of... |
| CVE-2021-31871 | 2021-04-30 | An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. |
| CVE-2021-31872 | 2021-04-30 | An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. |
| CVE-2021-31870 | 2021-04-30 | An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. |
| CVE-2021-20326 | 2021-04-30 | Specially crafted query may result in a denial of service of mongod |
| CVE-2021-26807 | 2021-04-30 | GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. |
| CVE-2020-1721 | 2021-04-30 | A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling... |
| CVE-2021-20266 | 2021-04-30 | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability... |
| CVE-2020-24918 | 2021-04-30 | A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header,... |
| CVE-2021-28959 | 2021-04-30 | Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. |
| CVE-2021-31231 | 2021-04-30 | The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used... |
| CVE-2021-31232 | 2021-04-30 | The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to... |
| CVE-2020-27519 | 2021-04-30 | Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along... |
| CVE-2020-15153 | 2021-04-30 | Unauthenticated SQL injection in Ampache |
| CVE-2020-4039 | 2021-04-30 | Directory Traversal Vulnerability in SUSI.AI Server |
| CVE-2021-20515 | 2021-04-30 | IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code... |
| CVE-2020-7731 | 2021-04-30 | Denial of Service (DoS) |
| CVE-2021-29486 | 2021-04-30 | Improper Input Validation and Loop with Unreachable Exit Condition ('Infinite Loop') in cumulative-distribution-function |
| CVE-2021-21534 | 2021-04-30 | Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the... |
| CVE-2021-21535 | 2021-04-30 | Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level... |
| CVE-2021-21536 | 2021-04-30 | Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in... |
| CVE-2021-21537 | 2021-04-30 | Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the... |
| CVE-2021-31926 | 2021-04-30 | AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to... |
| CVE-2021-21227 | 2021-04-30 | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21228 | 2021-04-30 | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted... |
| CVE-2021-21229 | 2021-04-30 | Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2021-21230 | 2021-04-30 | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21231 | 2021-04-30 | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21232 | 2021-04-30 | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21233 | 2021-04-30 | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-18084 | 2021-04-30 | Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when... |