CVE List - 2021 / April
Showing 801 - 900 of 1817 CVEs for April 2021 (Page 9 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-28358 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28434 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28435 | 2021-04-13 | Windows Event Tracing Information Disclosure Vulnerability |
| CVE-2021-28436 | 2021-04-13 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2021-28437 | 2021-04-13 | Windows Installer Information Disclosure Vulnerability |
| CVE-2021-28438 | 2021-04-13 | Windows Console Driver Denial of Service Vulnerability |
| CVE-2021-28439 | 2021-04-13 | Windows TCP/IP Driver Denial of Service Vulnerability |
| CVE-2021-28440 | 2021-04-13 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-28441 | 2021-04-13 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2021-28442 | 2021-04-13 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2021-28443 | 2021-04-13 | Windows Console Driver Denial of Service Vulnerability |
| CVE-2021-28444 | 2021-04-13 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2021-28445 | 2021-04-13 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2021-28446 | 2021-04-13 | Windows Portmapping Information Disclosure Vulnerability |
| CVE-2021-28447 | 2021-04-13 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
| CVE-2021-28448 | 2021-04-13 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability |
| CVE-2021-28449 | 2021-04-13 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-28450 | 2021-04-13 | Microsoft SharePoint Denial of Service Vulnerability |
| CVE-2021-28451 | 2021-04-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-28452 | 2021-04-13 | Microsoft Outlook Memory Corruption Vulnerability |
| CVE-2021-28453 | 2021-04-13 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-28454 | 2021-04-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-28456 | 2021-04-13 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2021-28457 | 2021-04-13 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28458 | 2021-04-13 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability |
| CVE-2021-28459 | 2021-04-13 | Azure DevOps Server Spoofing Vulnerability |
| CVE-2021-28460 | 2021-04-13 | Azure Sphere Unsigned Code Execution Vulnerability |
| CVE-2021-28464 | 2021-04-13 | VP9 Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-28466 | 2021-04-13 | Raw Image Extension Remote Code Execution Vulnerability |
| CVE-2021-28468 | 2021-04-13 | Raw Image Extension Remote Code Execution Vulnerability |
| CVE-2021-28469 | 2021-04-13 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28470 | 2021-04-13 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability |
| CVE-2021-28471 | 2021-04-13 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28472 | 2021-04-13 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability |
| CVE-2021-28473 | 2021-04-13 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28475 | 2021-04-13 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28477 | 2021-04-13 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-28480 | 2021-04-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28481 | 2021-04-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28482 | 2021-04-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-28483 | 2021-04-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-29439 | 2021-04-13 | Plugins can be installed with minimal admin privileges |
| CVE-2021-29440 | 2021-04-13 | Twig allowing dangerous PHP functions by default |
| CVE-2021-3460 | 2021-04-13 | The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible... |
| CVE-2021-3462 | 2021-04-13 | A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. |
| CVE-2021-3463 | 2021-04-13 | A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. |
| CVE-2021-3473 | 2021-04-13 | An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator... |
| CVE-2019-10881 | 2021-04-13 | Default hidden Privileged Account Vulnerability in multiple XEROX devices |
| CVE-2021-29370 | 2021-04-13 | A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser... |
| CVE-2021-24028 | 2021-04-13 | An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to... |
| CVE-2020-36322 | 2021-04-14 | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original... |
| CVE-2021-27815 | 2021-04-14 | NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS)... |
| CVE-2021-31152 | 2021-04-14 | Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. |
| CVE-2021-31162 | 2021-04-14 | In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. |
| CVE-2018-25008 | 2021-04-14 | In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions. |
| CVE-2020-36323 | 2021-04-14 | In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the... |
| CVE-2017-20004 | 2021-04-14 | In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety... |
| CVE-2021-28797 | 2021-04-14 | Stack Buffer Overflow in Surveillance Station |
| CVE-2021-25316 | 2021-04-14 | Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools |
| CVE-2021-27989 | 2021-04-14 | Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. |
| CVE-2021-22879 | 2021-04-14 | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed... |
| CVE-2021-26832 | 2021-04-14 | Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious... |
| CVE-2021-27288 | 2021-04-14 | Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. |
| CVE-2020-21087 | 2021-04-14 | Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of... |
| CVE-2020-21088 | 2021-04-14 | Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last... |
| CVE-2020-36120 | 2021-04-14 | Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). |
| CVE-2021-26805 | 2021-04-14 | Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. |
| CVE-2021-28300 | 2021-04-14 | NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. |
| CVE-2021-29338 | 2021-04-14 | Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on... |
| CVE-2021-26827 | 2021-04-14 | Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter... |
| CVE-2021-27113 | 2021-04-14 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This... |
| CVE-2021-27114 | 2021-04-14 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could... |
| CVE-2020-19778 | 2021-04-14 | Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. |
| CVE-2021-26812 | 2021-04-14 | Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on... |
| CVE-2021-27990 | 2021-04-14 | Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. |
| CVE-2021-27604 | 2021-04-14 | In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31,... |
| CVE-2021-27599 | 2021-04-14 | SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which... |
| CVE-2020-29592 | 2021-04-14 | An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous... |
| CVE-2021-27608 | 2021-04-14 | An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further... |
| CVE-2020-29593 | 2021-04-14 | An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt... |
| CVE-2021-30493 | 2021-04-14 | Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a... |
| CVE-2021-30494 | 2021-04-14 | Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation... |
| CVE-2021-27705 | 2021-04-14 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function directly... |
| CVE-2021-27706 | 2021-04-14 | Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function... |
| CVE-2021-28098 | 2021-04-14 | An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to... |
| CVE-2021-27130 | 2021-04-14 | Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. |
| CVE-2021-27707 | 2021-04-14 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly... |
| CVE-2021-25314 | 2021-04-14 | hawk: Insecure file permissions |
| CVE-2021-27708 | 2021-04-14 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.... |
| CVE-2021-27246 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw... |
| CVE-2021-27247 | 2021-04-14 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-27248 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw... |
| CVE-2021-27249 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw... |
| CVE-2021-27250 | 2021-04-14 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw... |
| CVE-2021-27251 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling... |
| CVE-2021-27252 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-27253 | 2021-04-14 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2021-27258 | 2021-04-14 | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-27259 | 2021-04-14 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest... |
| CVE-2021-27260 | 2021-04-14 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target... |