CVE List - 2021 / May
Showing 1101 - 1200 of 1494 CVEs for May 2021 (Page 12 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-25409 | 2021-05-24 | Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. |
| CVE-2020-25411 | 2021-05-24 | Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. |
| CVE-2020-26006 | 2021-05-24 | Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. |
| CVE-2021-32075 | 2021-05-24 | Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. |
| CVE-2020-28900 | 2021-05-24 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related... |
| CVE-2020-28901 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. |
| CVE-2020-28902 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. |
| CVE-2020-28903 | 2021-05-24 | Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. |
| CVE-2020-28904 | 2021-05-24 | Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code. |
| CVE-2020-28905 | 2021-05-24 | Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. |
| CVE-2020-28906 | 2021-05-24 | Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are... |
| CVE-2020-28907 | 2021-05-24 | Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package... |
| CVE-2020-28908 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. |
| CVE-2020-28909 | 2021-05-24 | Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileged users are able to modify files that can be executed... |
| CVE-2020-28910 | 2021-05-24 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. |
| CVE-2020-28911 | 2021-05-24 | Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. |
| CVE-2020-25408 | 2021-05-24 | A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student,... |
| CVE-2021-3485 | 2021-05-24 | Improper Input Validation in Bitdefender Endpoint Security Tools for Linux |
| CVE-2020-4990 | 2021-05-24 | IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information... |
| CVE-2021-20385 | 2021-05-24 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute... |
| CVE-2021-20386 | 2021-05-24 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2021-20389 | 2021-05-24 | IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770. |
| CVE-2021-20419 | 2021-05-24 | IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280. |
| CVE-2021-20426 | 2021-05-24 | IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of... |
| CVE-2021-20428 | 2021-05-24 | IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... |
| CVE-2021-20557 | 2021-05-24 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. |
| CVE-2021-33516 | 2021-05-24 | An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's... |
| CVE-2019-12348 | 2021-05-24 | An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. |
| CVE-2021-32629 | 2021-05-24 | Memory access due to code generation flaw in Cranelift module |
| CVE-2021-29300 | 2021-05-24 | The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with... |
| CVE-2021-33502 | 2021-05-24 | The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data:... |
| CVE-2021-32624 | 2021-05-24 | Private Field data leak |
| CVE-2020-26560 | 2021-05-24 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue,... |
| CVE-2020-26559 | 2021-05-24 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public... |
| CVE-2020-26558 | 2021-05-24 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication... |
| CVE-2020-26557 | 2021-05-24 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via... |
| CVE-2020-21041 | 2021-05-24 | Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service |
| CVE-2020-26556 | 2021-05-24 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning... |
| CVE-2020-26555 | 2021-05-24 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing... |
| CVE-2021-30081 | 2021-05-24 | An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page. |
| CVE-2021-30082 | 2021-05-24 | An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. |
| CVE-2021-30083 | 2021-05-24 | An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter... |
| CVE-2021-29256 | 2021-05-24 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through... |
| CVE-2020-20907 | 2021-05-24 | MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. |
| CVE-2021-23387 | 2021-05-24 | Open Redirect |
| CVE-2020-20178 | 2021-05-24 | Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in... |
| CVE-2021-30108 | 2021-05-24 | Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to... |
| CVE-2021-33525 | 2021-05-24 | EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring... |
| CVE-2020-10064 | 2021-05-24 | Improper Input Frame Validation in ieee802154 Processing |
| CVE-2020-10065 | 2021-05-24 | Missing Size Checks in Bluetooth HCI over SPI |
| CVE-2020-10066 | 2021-05-24 | Incorrect Error Handling in Bluetooth HCI core |
| CVE-2020-10069 | 2021-05-24 | Zephyr Bluetooth unchecked packet data results in denial of service |
| CVE-2020-10072 | 2021-05-24 | Improper Handling of Insufficient Permissions or Privileges in zephyr |
| CVE-2020-13598 | 2021-05-24 | FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat |
| CVE-2020-13599 | 2021-05-24 | Security problem with settings and littlefs |
| CVE-2020-13600 | 2021-05-24 | Malformed SPI in response for eswifi can corrupt kernel memory |
| CVE-2020-13601 | 2021-05-24 | Possible read out of bounds in dns read |
| CVE-2020-13602 | 2021-05-24 | Remote Denial of Service in LwM2M do_write_op_tlv |
| CVE-2020-13603 | 2021-05-24 | Integer Overflow in memory allocating functions |
| CVE-2021-3320 | 2021-05-24 | Type Confusion in 802154 ACK Frames Handling |
| CVE-2021-33562 | 2021-05-24 | A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary... |
| CVE-2021-33561 | 2021-05-24 | A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is... |
| CVE-2021-33563 | 2021-05-24 | Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. |
| CVE-2021-33574 | 2021-05-25 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent... |
| CVE-2021-23937 | 2021-05-25 | DNS proxy and possible amplification attack |
| CVE-2020-9451 | 2021-05-25 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable... |
| CVE-2020-9450 | 2021-05-25 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate... |
| CVE-2020-9452 | 2021-05-25 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges.... |
| CVE-2021-20096 | 2021-05-25 | Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2021-30187 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. |
| CVE-2021-30189 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. |
| CVE-2021-30190 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. |
| CVE-2021-30191 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the Size of the Input. |
| CVE-2021-30192 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. |
| CVE-2021-30193 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. |
| CVE-2021-30194 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. |
| CVE-2021-30186 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
| CVE-2021-30188 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. |
| CVE-2021-30195 | 2021-05-25 | CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. |
| CVE-2021-29201 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-29202 | 2021-05-25 | A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity... |
| CVE-2021-29204 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-29205 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-27821 | 2021-05-25 | The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. |
| CVE-2021-33425 | 2021-05-25 | A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary JavaScript in the OpenWRT Hostname via the... |
| CVE-2021-27823 | 2021-05-25 | An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system. |
| CVE-2021-29206 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-29207 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-21657 | 2021-05-25 | Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-21658 | 2021-05-25 | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-21659 | 2021-05-25 | Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-21660 | 2021-05-25 | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit... |
| CVE-2021-29210 | 2021-05-25 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers;... |
| CVE-2021-29211 | 2021-05-25 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380... |
| CVE-2021-29208 | 2021-05-25 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers;... |
| CVE-2021-29209 | 2021-05-25 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers;... |
| CVE-2020-4839 | 2021-05-25 | IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a... |
| CVE-2021-29695 | 2021-05-25 | IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to... |
| CVE-2021-29708 | 2021-05-25 | IBM Spectrum Scale 5.1.0.1 could allow a local user with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force... |
| CVE-2021-32638 | 2021-05-25 | CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated |