CVE List - 2021 / May
Showing 801 - 900 of 1494 CVEs for May 2021 (Page 9 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-32073 | 2021-05-14 | DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager allowing remote code execution. |
| CVE-2020-16632 | 2021-05-14 | A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. |
| CVE-2021-22668 | 2021-05-16 | Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute... |
| CVE-2021-29039 | 2021-05-16 | Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name. |
| CVE-2021-29040 | 2021-05-16 | The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may... |
| CVE-2021-29041 | 2021-05-16 | Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based... |
| CVE-2021-29047 | 2021-05-16 | The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to... |
| CVE-2021-29023 | 2021-05-17 | InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. |
| CVE-2021-29024 | 2021-05-17 | In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. This allows an attacker to perform directory traversal and download files supposed to be private without authentication. |
| CVE-2021-32617 | 2021-05-17 | Denial of service in Exiv2 |
| CVE-2021-3524 | 2021-05-17 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a... |
| CVE-2021-29045 | 2021-05-17 | Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject... |
| CVE-2021-29046 | 2021-05-17 | Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary... |
| CVE-2021-29053 | 2021-05-17 | Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to... |
| CVE-2021-29043 | 2021-05-17 | The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3... |
| CVE-2021-29044 | 2021-05-17 | Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack... |
| CVE-2021-29051 | 2021-05-17 | Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10... |
| CVE-2021-29048 | 2021-05-17 | Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1... |
| CVE-2021-29052 | 2021-05-17 | The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to... |
| CVE-2021-3483 | 2021-05-17 | A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when... |
| CVE-2007-5967 | 2021-05-17 | A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. |
| CVE-2021-31727 | 2021-05-17 | Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTLs 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register... |
| CVE-2021-31728 | 2021-05-17 | Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate... |
| CVE-2021-27342 | 2021-05-17 | An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based... |
| CVE-2021-32402 | 2021-05-17 | Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. |
| CVE-2021-32403 | 2021-05-17 | Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules. |
| CVE-2021-27734 | 2021-05-17 | Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. |
| CVE-2019-14827 | 2021-05-17 | A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were... |
| CVE-2021-33041 | 2021-05-17 | vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. |
| CVE-2021-32455 | 2021-05-17 | SITEL CAP/PRX vulnerable to a denial of service attack |
| CVE-2021-32453 | 2021-05-17 | SITEL CAP/PRX information exposure |
| CVE-2021-24288 | 2021-05-17 | AcyMailing < 7.5.0 - Unauthenticated Open Redirect |
| CVE-2021-24289 | 2021-05-17 | Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation |
| CVE-2021-24290 | 2021-05-17 | Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24292 | 2021-05-17 | Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS |
| CVE-2021-24295 | 2021-05-17 | Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 |
| CVE-2021-24299 | 2021-05-17 | ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24314 | 2021-05-17 | Goto < 2.1 - Unauthenticated Blind SQL Injection |
| CVE-2021-24315 | 2021-05-17 | Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24323 | 2021-05-17 | Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24324 | 2021-05-17 | 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24325 | 2021-05-17 | 404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24326 | 2021-05-17 | All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24327 | 2021-05-17 | SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2020-13667 | 2021-05-17 | Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to... |
| CVE-2021-25264 | 2021-05-17 | In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. |
| CVE-2020-4669 | 2021-05-17 | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password... |
| CVE-2020-4670 | 2021-05-17 | IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A... |
| CVE-2021-29747 | 2021-05-17 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775. |
| CVE-2021-32454 | 2021-05-17 | SITEL CAP/PRX hardcoded credentials |
| CVE-2021-23384 | 2021-05-17 | Open Redirect |
| CVE-2021-32456 | 2021-05-17 | SITEL CAP/PRX cleartext transmission of sensitive information |
| CVE-2020-21813 | 2021-05-17 | A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114. |
| CVE-2021-32618 | 2021-05-17 | Open Redirect Vulnerability |
| CVE-2020-21814 | 2021-05-17 | A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. |
| CVE-2020-21816 | 2021-05-17 | A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. |
| CVE-2020-24992 | 2021-05-17 | There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. |
| CVE-2020-24993 | 2021-05-17 | There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module. |
| CVE-2020-21815 | 2021-05-17 | A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash). |
| CVE-2020-21817 | 2021-05-17 | A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29, which causes a denial of service (application crash). |
| CVE-2020-21818 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. |
| CVE-2020-21819 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:51. |
| CVE-2020-29205 | 2021-05-17 | XSS in signup form in Project Worlds Online Examination System 1.0 allows a remote attacker to inject arbitrary code via the name field. |
| CVE-2021-32622 | 2021-05-17 | File upload local preview can run embedded scripts after user interaction |
| CVE-2020-21827 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379. |
| CVE-2020-21830 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. |
| CVE-2020-21832 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417. |
| CVE-2020-21833 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_classes ../../src/decode.c:2440. |
| CVE-2020-21834 | 2021-05-17 | A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. |
| CVE-2020-21835 | 2021-05-17 | A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337. |
| CVE-2020-21836 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. |
| CVE-2020-21838 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_appinfo ../../src/decode.c:2842. |
| CVE-2020-21839 | 2021-05-17 | An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to a memory leak in dwg_decode_eed ../../src/decode.c:3638. |
| CVE-2020-21840 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. |
| CVE-2020-21841 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. |
| CVE-2020-21842 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. |
| CVE-2020-18194 | 2021-05-17 | Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. |
| CVE-2020-18195 | 2021-05-17 | Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." |
| CVE-2020-18198 | 2021-05-17 | Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." |
| CVE-2020-21843 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. |
| CVE-2020-24755 | 2021-05-17 | In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code... |
| CVE-2020-21844 | 2021-05-17 | GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. |
| CVE-2020-21831 | 2021-05-17 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. |
| CVE-2021-3531 | 2021-05-18 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it... |
| CVE-2021-31827 | 2021-05-18 | In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access... |
| CVE-2021-3423 | 2021-05-18 | Privilege escalation in Bitdefender GravityZone Business Security |
| CVE-2020-15279 | 2021-05-18 | Scanning exclusion paths disclosure in BEST for Windows |
| CVE-2021-3518 | 2021-05-18 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger... |
| CVE-2002-2438 | 2021-05-18 | TCP firewalls could be circumvented by sending SYN packets with other flags (e.g. the RST flag) set, which were not correctly discarded by the Linux TCP stack after firewalling. |
| CVE-2020-25709 | 2021-05-18 | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The... |
| CVE-2021-22117 | 2021-05-18 | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. |
| CVE-2021-30145 | 2021-05-18 | A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. |
| CVE-2020-20253 | 2021-05-18 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a division by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a... |
| CVE-2020-20254 | 2021-05-18 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-23851 | 2021-05-18 | A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious... |
| CVE-2020-23852 | 2021-05-18 | A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial... |
| CVE-2020-24026 | 2021-05-18 | TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the... |
| CVE-2020-23856 | 2021-05-18 | Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. |
| CVE-2021-32238 | 2021-05-18 | Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and... |
| CVE-2020-23861 | 2021-05-18 | A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. |