CVE List - 2021 / May
Showing 501 - 600 of 1494 CVEs for May 2021 (Page 6 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-31198 | 2021-05-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-31204 | 2021-05-11 | .NET and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2021-31205 | 2021-05-11 | Windows SMB Client Security Feature Bypass Vulnerability |
| CVE-2021-31207 | 2021-05-11 | Microsoft Exchange Server Security Feature Bypass Vulnerability |
| CVE-2021-31208 | 2021-05-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31211 | 2021-05-11 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-31209 | 2021-05-11 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-31213 | 2021-05-11 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability |
| CVE-2021-31214 | 2021-05-11 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-31936 | 2021-05-11 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability |
| CVE-2020-26144 | 2021-05-11 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond... |
| CVE-2020-26140 | 2021-05-11 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary... |
| CVE-2020-26145 | 2021-05-11 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and... |
| CVE-2020-26143 | 2021-05-11 | An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An... |
| CVE-2020-26139 | 2021-05-11 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to... |
| CVE-2020-26146 | 2021-05-11 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate... |
| CVE-2020-26147 | 2021-05-11 | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can... |
| CVE-2020-26142 | 2021-05-11 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject... |
| CVE-2020-26141 | 2021-05-11 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary... |
| CVE-2021-32089 | 2021-05-11 | An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through... |
| CVE-2021-32604 | 2021-05-11 | Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." |
| CVE-2021-32605 | 2021-05-11 | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within... |
| CVE-2021-3504 | 2021-05-11 | A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input... |
| CVE-2021-20310 | 2021-05-11 | A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted... |
| CVE-2021-20311 | 2021-05-11 | A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that... |
| CVE-2020-36289 | 2021-05-12 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before... |
| CVE-2021-23891 | 2021-05-12 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) |
| CVE-2021-23872 | 2021-05-12 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) |
| CVE-2021-23892 | 2021-05-12 | By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user... |
| CVE-2020-35198 | 2021-05-12 | An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a... |
| CVE-2020-13873 | 2021-05-12 | A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As... |
| CVE-2019-19276 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16... |
| CVE-2020-25242 | 2021-05-12 | A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1... |
| CVE-2020-28393 | 2021-05-12 | An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE... |
| CVE-2021-25660 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-25661 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-25662 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-27383 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-27384 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-27385 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-27386 | 2021-05-12 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6) |
| CVE-2021-27396 | 2021-05-12 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in... |
| CVE-2021-27397 | 2021-05-12 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in... |
| CVE-2021-27398 | 2021-05-12 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in... |
| CVE-2021-31339 | 2021-05-12 | A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server... |
| CVE-2021-31341 | 2021-05-12 | Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module... |
| CVE-2021-20277 | 2021-05-12 | A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server... |
| CVE-2020-27840 | 2021-05-12 | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead... |
| CVE-2021-3457 | 2021-05-12 | An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This... |
| CVE-2021-20202 | 2021-05-12 | A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to... |
| CVE-2021-32608 | 2021-05-12 | An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. |
| CVE-2021-32607 | 2021-05-12 | An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. |
| CVE-2021-28649 | 2021-05-12 | An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code... |
| CVE-2021-31519 | 2021-05-12 | An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary... |
| CVE-2021-32611 | 2021-05-12 | A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses. |
| CVE-2020-23790 | 2021-05-12 | An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. |
| CVE-2021-32572 | 2021-05-12 | Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. |
| CVE-2021-30211 | 2021-05-12 | Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. |
| CVE-2021-30212 | 2021-05-12 | Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. |
| CVE-2021-30214 | 2021-05-12 | Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter. |
| CVE-2021-30213 | 2021-05-12 | Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. |
| CVE-2020-19274 | 2021-05-12 | A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-19275 | 2021-05-12 | An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. |
| CVE-2021-29511 | 2021-05-12 | Memory over-allocation in evm crate |
| CVE-2020-18165 | 2021-05-12 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". |
| CVE-2020-28722 | 2021-05-12 | Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. |
| CVE-2021-23134 | 2021-05-12 | Linux kernel llcp_sock_bind/connect use-after-free |
| CVE-2021-23135 | 2021-05-12 | Argo CD leaked secret data into error messages and logs on invalid edits via UI |
| CVE-2021-22155 | 2021-05-12 | An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to... |
| CVE-2021-21424 | 2021-05-13 | Prevent user enumeration using Guard or the new Authenticator-based Security |
| CVE-2021-29623 | 2021-05-13 | Uninitialized variable bug in Exiv2 |
| CVE-2020-36197 | 2021-05-13 | Improper Access Control Vulnerability in Music Station |
| CVE-2020-36198 | 2021-05-13 | Command Injection Vulnerability in Malware Remover |
| CVE-2021-28799 | 2021-05-13 | Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync) |
| CVE-2021-31215 | 2021-05-13 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. |
| CVE-2021-20331 | 2021-05-13 | MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application |
| CVE-2021-22152 | 2021-05-13 | A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow... |
| CVE-2021-22153 | 2021-05-13 | A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause... |
| CVE-2021-22154 | 2021-05-13 | An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access... |
| CVE-2020-12967 | 2021-05-13 | AMD Secure Encrypted Virtualization |
| CVE-2021-26311 | 2021-05-13 | AMD Secure Encrypted Virtualization |
| CVE-2021-25694 | 2021-05-13 | Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. |
| CVE-2021-25693 | 2021-05-13 | An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. |
| CVE-2021-20250 | 2021-05-13 | A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest... |
| CVE-2020-14354 | 2021-05-13 | A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses... |
| CVE-2020-12526 | 2021-05-13 | BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server |
| CVE-2021-20988 | 2021-05-13 | Hilscher rcX RTOS: Wrong handling of the UDP checksum |
| CVE-2021-20993 | 2021-05-13 | WAGO: Managed Switches: Exposure of sensitive information through directory listing |
| CVE-2021-20994 | 2021-05-13 | WAGO: Managed Switches: Reflected Cross-site Scripting |
| CVE-2021-20995 | 2021-05-13 | WAGO: Managed Switches: Storage of user credentials in a cookie |
| CVE-2021-20996 | 2021-05-13 | WAGO: Managed Switches: Unsecure Cookie settings |
| CVE-2021-20997 | 2021-05-13 | WAGO: Managed Switches: Unauthorized access to password hashes |
| CVE-2021-20998 | 2021-05-13 | WAGO: Managed Switches: Unauthorized creation of user accounts |
| CVE-2021-20999 | 2021-05-13 | WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways |
| CVE-2020-27824 | 2021-05-13 | A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The... |
| CVE-2020-27823 | 2021-05-13 | A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this... |
| CVE-2020-20092 | 2021-05-13 | File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could... |
| CVE-2020-28063 | 2021-05-13 | A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. |
| CVE-2020-27830 | 2021-05-13 | A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr... |
| CVE-2020-25713 | 2021-05-13 | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. |