CVE List - 2021 / April

Showing 301 - 400 of 1817 CVEs for April 2021 (Page 4 of 19)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24212 | 2021-04-05 | WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE |
| CVE-2020-19596 | 2021-04-05 | Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. |
| CVE-2020-19595 | 2021-04-05 | Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. |
| CVE-2021-20305 | 2021-04-05 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply... |
| CVE-2021-20308 | 2021-04-05 | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. |
| CVE-2021-20307 | 2021-04-05 | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. |
| CVE-2021-30141 | 2021-04-05 | Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and... |
| CVE-2021-30130 | 2021-04-06 | phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. |
| CVE-2021-30151 | 2021-04-06 | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. |
| CVE-2021-30144 | 2021-04-06 | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in... |
| CVE-2021-28175 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Radius configuration function |
| CVE-2021-28176 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - DNS configuration function |
| CVE-2021-28177 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - LDAP configuration function |
| CVE-2021-28178 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - UEFI configuration function |
| CVE-2021-28179 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Media support configuration setting |
| CVE-2021-28180 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Audit log configuration setting |
| CVE-2021-28181 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Remote video configuration setting |
| CVE-2021-28182 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Web Service configuration function |
| CVE-2021-28183 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Web License configuration setting |
| CVE-2021-28184 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Active Directory configuration function |
| CVE-2021-28185 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition |
| CVE-2021-28186 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition |
| CVE-2021-28187 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Generate new SSL certificate |
| CVE-2021-28188 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Modify user’s information function |
| CVE-2021-28189 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - SMTP configuration function |
| CVE-2021-28190 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Generate new certificate function |
| CVE-2021-28191 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Firmware update function |
| CVE-2021-28192 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Remote video storage function |
| CVE-2021-28193 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - SMTP configuration function |
| CVE-2021-28194 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Remote image configuration setting |
| CVE-2021-28195 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Radius configuration function |
| CVE-2021-28196 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Generate SSL certificate function |
| CVE-2021-28197 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Active Directory configuration function |
| CVE-2021-28198 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Firmware protocol configuration |
| CVE-2021-28199 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Modify user’s information function |
| CVE-2021-28200 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - CD media configuration function |
| CVE-2021-28201 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Service configuration-1 function |
| CVE-2021-28202 | 2021-04-06 | ASUS BMC's firmware: buffer overflow - Service configuration-2 function |
| CVE-2021-28203 | 2021-04-06 | ASUS BMC's firmware: command injection - Web Set Media Image function |
| CVE-2021-28204 | 2021-04-06 | ASUS BMC's firmware: command injection - Modify user’s information function |
| CVE-2021-28205 | 2021-04-06 | ASUS BMC's firmware: path traversal - Delete SOL video file function |
| CVE-2021-28206 | 2021-04-06 | ASUS BMC's firmware: path traversal - Record video file function |
| CVE-2021-28207 | 2021-04-06 | ASUS BMC's firmware: path traversal - Get Help file function |
| CVE-2021-28208 | 2021-04-06 | ASUS BMC's firmware: path traversal - Get video file function |
| CVE-2021-28209 | 2021-04-06 | ASUS BMC's firmware: path traversal - Delete video file function |
| CVE-2021-30150 | 2021-04-06 | Composr 10.0.36 allows XSS in an XML script. |
| CVE-2021-30149 | 2021-04-06 | Composr 10.0.36 allows upload and execution of PHP files. |
| CVE-2021-30158 | 2021-04-06 | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might... |
| CVE-2021-30157 | 2021-04-06 | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are... |
| CVE-2021-30154 | 2021-04-06 | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. |
| CVE-2021-30162 | 2021-04-06 | An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG... |
| CVE-2021-30161 | 2021-04-06 | An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID... |
| CVE-2021-30164 | 2021-04-06 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. |
| CVE-2019-25026 | 2021-04-06 | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. |
| CVE-2020-36308 | 2021-04-06 | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. |
| CVE-2020-36307 | 2021-04-06 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. |
| CVE-2020-36306 | 2021-04-06 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. |
| CVE-2021-30163 | 2021-04-06 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. |
| CVE-2021-28171 | 2021-04-06 | Vangene deltaFlow E-platform - Broken Authentication |
| CVE-2021-28172 | 2021-04-06 | Vangene deltaFlow E-platform - Path Traversal |
| CVE-2021-28173 | 2021-04-06 | Vangene deltaFlow E-platform - Arbitrary File Upload |
| CVE-2021-27343 | 2021-04-06 | SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. |
| CVE-2021-27357 | 2021-04-06 | RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. |
| CVE-2021-27697 | 2021-04-06 | RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. |
| CVE-2021-27698 | 2021-04-06 | RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. |
| CVE-2021-28075 | 2021-04-06 | iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. |
| CVE-2021-28874 | 2021-04-06 | SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. |
| CVE-2021-30045 | 2021-04-06 | SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. |
| CVE-2021-30046 | 2021-04-06 | VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. |
| CVE-2021-28142 | 2021-04-06 | CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." |
| CVE-2021-28658 | 2021-04-06 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected... |
| CVE-2020-23533 | 2021-04-06 | Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps,... |
| CVE-2020-36284 | 2021-04-06 | Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a... |
| CVE-2020-36285 | 2021-04-06 | Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps,... |
| CVE-2021-26833 | 2021-04-06 | Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT... |
| CVE-2021-30140 | 2021-04-06 | LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML /... |
| CVE-2021-30146 | 2021-04-06 | Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." |
| CVE-2021-29136 | 2021-04-06 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. |
| CVE-2021-24026 | 2021-04-06 | A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior... |
| CVE-2021-24027 | 2021-04-06 | A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to... |
| CVE-2021-20334 | 2021-04-06 | Local privilege escalation in MongoDB Compass for Windows |
| CVE-2020-36309 | 2021-04-06 | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
| CVE-2021-28688 | 2021-04-06 | The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also... |
| CVE-2021-21423 | 2021-04-06 | Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen |
| CVE-2021-25692 | 2021-04-06 | Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. |
| CVE-2021-21404 | 2021-04-06 | Crash due to malformed relay protocol message |
| CVE-2020-13420 | 2021-04-06 | OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. |
| CVE-2020-13418 | 2021-04-06 | OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. |
| CVE-2020-13419 | 2021-04-06 | OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. |
| CVE-2020-13421 | 2021-04-06 | OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. |
| CVE-2020-13422 | 2021-04-06 | OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. |
| CVE-2021-22157 | 2021-04-06 | Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. |
| CVE-2021-27899 | 2021-04-06 | The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter... |
| CVE-2021-22158 | 2021-04-06 | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of... |
| CVE-2021-27900 | 2021-04-06 | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration... |
| CVE-2020-36313 | 2021-04-06 | An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. |
| CVE-2020-36312 | 2021-04-06 | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. |
| CVE-2020-36311 | 2021-04-06 | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which... |
| CVE-2021-30178 | 2021-04-06 | An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. |
| CVE-2020-36310 | 2021-04-06 | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. |