CVE List - 2021 / May
Showing 101 - 200 of 1494 CVEs for May 2021 (Page 2 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24248 | 2021-05-05 | Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE |
| CVE-2021-24249 | 2021-05-05 | Business Directory Plugin < 5.11.2 - Arbitrary Listing Export |
| CVE-2021-24250 | 2021-05-05 | Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24251 | 2021-05-05 | Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update |
| CVE-2021-24252 | 2021-05-05 | Event Banner <= 1.3 - Arbitrary File Upload to RCE |
| CVE-2021-24253 | 2021-05-05 | Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE |
| CVE-2021-24254 | 2021-05-05 | College Publisher Import <= 0.1 - Arbitrary File Upload to RCE |
| CVE-2021-31409 | 2021-05-05 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 |
| CVE-2020-19107 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-19108 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-19109 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-19110 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-19111 | 2021-05-05 | Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. |
| CVE-2020-19112 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-23127 | 2021-05-05 | Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. |
| CVE-2020-19113 | 2021-05-05 | Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. |
| CVE-2020-23128 | 2021-05-05 | Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change... |
| CVE-2020-19114 | 2021-05-05 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-22211 | 2021-05-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. |
| CVE-2021-3501 | 2021-05-05 | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated... |
| CVE-2021-30473 | 2021-05-06 | aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. |
| CVE-2021-29921 | 2021-05-06 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that... |
| CVE-2020-28007 | 2021-05-06 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows... |
| CVE-2020-28008 | 2021-05-06 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input... |
| CVE-2020-28009 | 2021-05-06 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be... |
| CVE-2020-28010 | 2021-05-06 | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common... |
| CVE-2020-28011 | 2021-05-06 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. |
| CVE-2020-28012 | 2021-05-06 | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. |
| CVE-2020-28013 | 2021-05-06 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs... |
| CVE-2020-28014 | 2021-05-06 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. |
| CVE-2020-28015 | 2021-05-06 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. |
| CVE-2020-28016 | 2021-05-06 | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. |
| CVE-2020-28017 | 2021-05-06 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. |
| CVE-2020-28018 | 2021-05-06 | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. |
| CVE-2020-28019 | 2021-05-06 | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client... |
| CVE-2020-28020 | 2021-05-06 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. |
| CVE-2020-28021 | 2021-05-06 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution... |
| CVE-2020-28022 | 2021-05-06 | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. |
| CVE-2020-28023 | 2021-05-06 | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. |
| CVE-2020-28024 | 2021-05-06 | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push... |
| CVE-2020-28025 | 2021-05-06 | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive... |
| CVE-2020-28026 | 2021-05-06 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a... |
| CVE-2021-27216 | 2021-05-06 | Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX... |
| CVE-2021-31532 | 2021-05-06 | NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev... |
| CVE-2021-31616 | 2021-05-06 | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections... |
| CVE-2021-31245 | 2021-05-06 | omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a... |
| CVE-2021-26543 | 2021-05-06 | The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code... |
| CVE-2021-21505 | 2021-05-06 | Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials,... |
| CVE-2021-21527 | 2021-05-06 | Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to... |
| CVE-2021-21550 | 2021-05-06 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges... |
| CVE-2021-1428 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1430 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1429 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1438 | 2021-05-06 | Cisco Wide Area Application Services Software Information Disclosure Vulnerability |
| CVE-2021-1447 | 2021-05-06 | Cisco Content Security Management Appliance Privilege Escalation Vulnerability |
| CVE-2021-1468 | 2021-05-06 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1478 | 2021-05-06 | Cisco Unified Communications Manager Denial of Service Vulnerability |
| CVE-2021-1486 | 2021-05-06 | Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability |
| CVE-2021-1490 | 2021-05-06 | Cisco Web Security Appliance Cross-Site Scripting Vulnerability |
| CVE-2021-1496 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1497 | 2021-05-06 | Cisco HyperFlex HX Command Injection Vulnerabilities |
| CVE-2021-1498 | 2021-05-06 | Cisco HyperFlex HX Command Injection Vulnerabilities |
| CVE-2021-1499 | 2021-05-06 | Cisco HyperFlex HX Data Platform File Upload Vulnerability |
| CVE-2021-1505 | 2021-05-06 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1506 | 2021-05-06 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1507 | 2021-05-06 | Cisco SD-WAN vManage API Stored Cross-Site Scripting Vulnerability |
| CVE-2021-1508 | 2021-05-06 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1509 | 2021-05-06 | Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities |
| CVE-2021-1510 | 2021-05-06 | Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities |
| CVE-2021-1511 | 2021-05-06 | Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities |
| CVE-2021-1512 | 2021-05-06 | Cisco SD-WAN Software Arbitrary File Corruption Vulnerability |
| CVE-2021-1427 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1426 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities |
| CVE-2021-1421 | 2021-05-06 | Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability |
| CVE-2021-1401 | 2021-05-06 | Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities |
| CVE-2021-1400 | 2021-05-06 | Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities |
| CVE-2021-1397 | 2021-05-06 | Cisco Integrated Management Controller Open Redirect Vulnerability |
| CVE-2021-1365 | 2021-05-06 | Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities |
| CVE-2021-1363 | 2021-05-06 | Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities |
| CVE-2021-1284 | 2021-05-06 | Cisco SD-WAN vManage Software Authentication Bypass Vulnerability |
| CVE-2021-1275 | 2021-05-06 | Cisco SD-WAN vManage Software Vulnerabilities |
| CVE-2021-1513 | 2021-05-06 | Cisco SD-WAN Software vDaemon Denial of Service Vulnerability |
| CVE-2021-1514 | 2021-05-06 | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2021-1515 | 2021-05-06 | Cisco SD-WAN vManage Information Disclosure Vulnerability |
| CVE-2021-1516 | 2021-05-06 | Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability |
| CVE-2021-1519 | 2021-05-06 | Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability |
| CVE-2021-1520 | 2021-05-06 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability |
| CVE-2021-1521 | 2021-05-06 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability |
| CVE-2021-1530 | 2021-05-06 | Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability |
| CVE-2021-1532 | 2021-05-06 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability |
| CVE-2021-1535 | 2021-05-06 | Cisco SD-WAN vManage Information Disclosure Vulnerability |
| CVE-2021-22210 | 2021-05-06 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a... |
| CVE-2021-22206 | 2021-05-06 | An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in... |
| CVE-2021-22208 | 2021-05-06 | An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. |
| CVE-2021-22209 | 2021-05-06 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. |
| CVE-2021-28128 | 2021-05-06 | In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use... |
| CVE-2020-35519 | 2021-05-06 | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account... |
| CVE-2021-20204 | 2021-05-06 | A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software... |
| CVE-2021-32030 | 2021-05-06 | The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to... |
| CVE-2021-28151 | 2021-05-06 | Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and... |