CVE List - 2021 / May
Showing 1201 - 1300 of 1494 CVEs for May 2021 (Page 13 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-20445 | 2021-05-25 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. |
| CVE-2020-20446 | 2021-05-25 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. |
| CVE-2020-20448 | 2021-05-25 | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. |
| CVE-2020-20450 | 2021-05-25 | FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. |
| CVE-2021-32640 | 2021-05-25 | ReDoS in Sec-Websocket-Protocol header |
| CVE-2021-25944 | 2021-05-25 | Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2021-27562 | 2021-05-25 | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure... |
| CVE-2021-25935 | 2021-05-25 | In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks... |
| CVE-2021-25934 | 2021-05-25 | In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any... |
| CVE-2020-20451 | 2021-05-25 | Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. |
| CVE-2021-25946 | 2021-05-25 | Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-20453 | 2021-05-25 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service |
| CVE-2021-20209 | 2021-05-25 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. |
| CVE-2020-25672 | 2021-05-25 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect |
| CVE-2016-20011 | 2021-05-25 | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior... |
| CVE-2021-33570 | 2021-05-25 | Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and... |
| CVE-2021-33575 | 2021-05-25 | The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. |
| CVE-2021-31924 | 2021-05-25 | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow... |
| CVE-2021-20178 | 2021-05-26 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This... |
| CVE-2021-20191 | 2021-05-26 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker... |
| CVE-2021-22737 | 2021-05-26 | Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. |
| CVE-2021-30498 | 2021-05-26 | A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. |
| CVE-2021-29252 | 2021-05-26 | RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability... |
| CVE-2021-29253 | 2021-05-26 | The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook... |
| CVE-2021-27676 | 2021-05-26 | Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log... |
| CVE-2021-26032 | 2021-05-26 | [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload |
| CVE-2021-26033 | 2021-05-26 | [20210502] - Core - CSRF in AJAX reordering endpoint |
| CVE-2021-26034 | 2021-05-26 | [20210503] - Core - CSRF in data download endpoints |
| CVE-2020-25670 | 2021-05-26 | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. |
| CVE-2021-22543 | 2021-05-26 | Improper memory handling in Linux KVM |
| CVE-2020-25671 | 2021-05-26 | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. |
| CVE-2020-25673 | 2021-05-26 | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. |
| CVE-2020-25668 | 2021-05-26 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. |
| CVE-2019-14836 | 2021-05-26 | A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct... |
| CVE-2020-25669 | 2021-05-26 | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in... |
| CVE-2020-26678 | 2021-05-26 | vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order... |
| CVE-2020-26679 | 2021-05-26 | vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving... |
| CVE-2020-26680 | 2021-05-26 | In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data... |
| CVE-2020-26677 | 2021-05-26 | Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. |
| CVE-2020-25697 | 2021-05-26 | A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application... |
| CVE-2020-27815 | 2021-05-26 | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing... |
| CVE-2021-22160 | 2021-05-26 | Authentication with JWT allows use of “none”-algorithm |
| CVE-2021-32457 | 2021-05-26 | Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to... |
| CVE-2021-33038 | 2021-05-26 | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example,... |
| CVE-2021-21985 | 2021-05-26 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter... |
| CVE-2021-21986 | 2021-05-26 | The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A... |
| CVE-2021-25945 | 2021-05-26 | Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-24020 | 2021-05-26 | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-33506 | 2021-05-26 | jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. |
| CVE-2021-33194 | 2021-05-26 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. |
| CVE-2020-18221 | 2021-05-26 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. |
| CVE-2019-4588 | 2021-05-26 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking... |
| CVE-2021-20486 | 2021-05-26 | IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. |
| CVE-2021-20487 | 2021-05-26 | IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. |
| CVE-2021-20492 | 2021-05-26 | IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit... |
| CVE-2020-22015 | 2021-05-26 | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of... |
| CVE-2021-33469 | 2021-05-26 | COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. |
| CVE-2021-33470 | 2021-05-26 | COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. |
| CVE-2018-10863 | 2021-05-26 | It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use... |
| CVE-2018-10865 | 2021-05-26 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any... |
| CVE-2018-10866 | 2021-05-26 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an... |
| CVE-2018-10867 | 2021-05-26 | Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. |
| CVE-2018-10868 | 2021-05-26 | redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC... |
| CVE-2020-15076 | 2021-05-26 | Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. |
| CVE-2019-25029 | 2021-05-26 | In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks... |
| CVE-2019-25030 | 2021-05-26 | In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the... |
| CVE-2018-16499 | 2021-05-26 | In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher... |
| CVE-2018-16498 | 2021-05-26 | In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL... |
| CVE-2018-16497 | 2021-05-26 | In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user... |
| CVE-2018-16496 | 2021-05-26 | In Versa Director, the un-authentication request found. |
| CVE-2018-16495 | 2021-05-26 | In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue... |
| CVE-2018-16494 | 2021-05-26 | In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write,... |
| CVE-2020-22020 | 2021-05-26 | Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. |
| CVE-2020-22019 | 2021-05-26 | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. |
| CVE-2021-22699 | 2021-05-26 | Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over... |
| CVE-2021-22705 | 2021-05-26 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a... |
| CVE-2021-22731 | 2021-05-26 | Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS... |
| CVE-2021-22732 | 2021-05-26 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the... |
| CVE-2021-22733 | 2021-05-26 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. |
| CVE-2021-22734 | 2021-05-26 | Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. |
| CVE-2021-22735 | 2021-05-26 | Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. |
| CVE-2021-22736 | 2021-05-26 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service... |
| CVE-2021-22738 | 2021-05-26 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after... |
| CVE-2021-22739 | 2021-05-26 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. |
| CVE-2021-22740 | 2021-05-26 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. |
| CVE-2021-22741 | 2021-05-26 | Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior),... |
| CVE-2021-22742 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets... |
| CVE-2021-22743 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while... |
| CVE-2021-22744 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets... |
| CVE-2021-22745 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets... |
| CVE-2021-22746 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets... |
| CVE-2021-22747 | 2021-05-26 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets... |
| CVE-2020-22021 | 2021-05-26 | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. |
| CVE-2021-25643 | 2021-05-26 | An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the... |
| CVE-2020-22024 | 2021-05-26 | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. |
| CVE-2020-22026 | 2021-05-26 | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. |
| CVE-2021-3548 | 2021-05-26 | A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout... |
| CVE-2020-22028 | 2021-05-26 | Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. |
| CVE-2021-3549 | 2021-05-26 | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in... |
| CVE-2021-20297 | 2021-05-26 | A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. |