CVE List - 2021 / June
Showing 1 - 100 of 1691 CVEs for June 2021 (Page 1 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-32027 | 2021-06-01 | A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated... |
| CVE-2021-33180 | 2021-06-01 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands... |
| CVE-2021-29092 | 2021-06-01 | Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| CVE-2021-29088 | 2021-06-01 | Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified... |
| CVE-2021-33183 | 2021-06-01 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files... |
| CVE-2021-33184 | 2021-06-01 | Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2021-33182 | 2021-06-01 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited... |
| CVE-2021-33181 | 2021-06-01 | Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. |
| CVE-2021-25932 | 2021-06-01 | In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks... |
| CVE-2021-27828 | 2021-06-01 | SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. |
| CVE-2021-24309 | 2021-06-01 | Weekly Schedule < 3.4.3 - Authenticated Stored XSS |
| CVE-2021-24310 | 2021-06-01 | Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title |
| CVE-2021-24311 | 2021-06-01 | External Media < 1.0.34 - Authenticated Arbitrary File Upload |
| CVE-2021-24312 | 2021-06-01 | WP Super Cache < 1.7.3 - Authenticated Remote Code Execution |
| CVE-2021-24313 | 2021-06-01 | WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24316 | 2021-06-01 | Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24317 | 2021-06-01 | Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities |
| CVE-2021-24318 | 2021-06-01 | Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities |
| CVE-2021-24319 | 2021-06-01 | Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS |
| CVE-2021-24320 | 2021-06-01 | Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS |
| CVE-2021-24321 | 2021-06-01 | Bello < 1.6.0 - Unauthenticated Blind SQL Injection |
| CVE-2021-24322 | 2021-06-01 | Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS) |
| CVE-2021-24328 | 2021-06-01 | WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24329 | 2021-06-01 | WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24330 | 2021-06-01 | Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID |
| CVE-2021-24331 | 2021-06-01 | Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS |
| CVE-2021-24333 | 2021-06-01 | Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24334 | 2021-06-01 | Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS |
| CVE-2021-24335 | 2021-06-01 | Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS |
| CVE-2020-1920 | 2021-06-01 | A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version... |
| CVE-2021-23018 | 2021-06-01 | Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. |
| CVE-2021-23019 | 2021-06-01 | The NGINX Controller 2.0.0 through 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. |
| CVE-2021-23020 | 2021-06-01 | The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. |
| CVE-2021-23021 | 2021-06-01 | The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. |
| CVE-2021-23017 | 2021-06-01 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting... |
| CVE-2020-27748 | 2021-06-01 | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to... |
| CVE-2021-3543 | 2021-06-01 | A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that enclave VMs force closure of the enclave file descriptor. A local user of... |
| CVE-2021-3495 | 2021-06-01 | An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the... |
| CVE-2021-3515 | 2021-06-01 | A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that... |
| CVE-2021-20306 | 2021-06-01 | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the... |
| CVE-2021-3516 | 2021-06-01 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The... |
| CVE-2021-3412 | 2021-06-01 | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly... |
| CVE-2021-29740 | 2021-06-01 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context... |
| CVE-2021-31641 | 2021-06-01 | An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when... |
| CVE-2020-26668 | 2021-06-01 | A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the... |
| CVE-2020-26669 | 2021-06-01 | A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content... |
| CVE-2020-26670 | 2021-06-01 | A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the... |
| CVE-2021-31642 | 2021-06-01 | A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be exploited... |
| CVE-2021-31643 | 2021-06-01 | An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username... |
| CVE-2020-26693 | 2021-06-01 | A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. |
| CVE-2020-17541 | 2021-06-01 | All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or... |
| CVE-2020-27377 | 2021-06-01 | A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. |
| CVE-2021-32651 | 2021-06-01 | LDAP injection via OneDev may leak some LDAP directory information |
| CVE-2021-32924 | 2021-06-01 | Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. |
| CVE-2020-22035 | 2021-06-01 | A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. |
| CVE-2020-22036 | 2021-06-01 | A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. |
| CVE-2021-3424 | 2021-06-01 | A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already... |
| CVE-2021-32652 | 2021-06-01 | Missing permission check on email metadata retrieval |
| CVE-2021-3425 | 2021-06-01 | A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions... |
| CVE-2020-22040 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the v_frame_alloc function in frame.c. |
| CVE-2020-22037 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. |
| CVE-2020-22038 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. |
| CVE-2020-22039 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. |
| CVE-2020-22041 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. |
| CVE-2021-32653 | 2021-06-01 | Default settings leak federated cloud ID to lookup server of all users |
| CVE-2020-22042 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. |
| CVE-2021-26111 | 2021-06-01 | A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent... |
| CVE-2020-22043 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. |
| CVE-2021-22123 | 2021-06-01 | An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the... |
| CVE-2020-22044 | 2021-06-01 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
| CVE-2021-32654 | 2021-06-01 | Attacker can obtain write access to any federated share/public link |
| CVE-2021-32655 | 2021-06-01 | Files Drop public link can be added as federated share |
| CVE-2021-32656 | 2021-06-01 | Trusted servers exchange can be triggered by attacker |
| CVE-2021-32657 | 2021-06-01 | Malicious user could break user administration page |
| CVE-2021-28676 | 2021-06-02 | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
| CVE-2021-30474 | 2021-06-02 | aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. |
| CVE-2021-31855 | 2021-06-02 | KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes... |
| CVE-2021-29091 | 2021-06-02 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files... |
| CVE-2021-29090 | 2021-06-02 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL... |
| CVE-2021-29089 | 2021-06-02 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers to execute arbitrary SQL... |
| CVE-2020-6641 | 2021-06-02 | Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal... |
| CVE-2020-10742 | 2021-06-02 | A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write leads the NFS client to crash. In some cases, a reach out of... |
| CVE-2020-10743 | 2021-06-02 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker... |
| CVE-2020-10771 | 2021-06-02 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to... |
| CVE-2020-14326 | 2021-06-02 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the... |
| CVE-2020-14317 | 2021-06-02 | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could... |
| CVE-2020-14336 | 2021-06-02 | A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of... |
| CVE-2020-14335 | 2021-06-02 | A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain... |
| CVE-2020-14340 | 2021-06-02 | A vulnerability was discovered in XNIO where a file descriptor leak is caused by growing numbers of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause... |
| CVE-2020-14371 | 2021-06-02 | A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resource credentials through VMs that are running on these resources in Satellite. |
| CVE-2020-14380 | 2021-06-02 | An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim... |
| CVE-2021-3520 | 2021-06-02 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of... |
| CVE-2020-14388 | 2021-06-02 | A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user... |
| CVE-2021-24012 | 2021-06-02 | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is... |
| CVE-2021-23894 | 2021-06-02 | Unauthorized deserialization of untrusted data in McAfee DBSec |
| CVE-2021-23895 | 2021-06-02 | Authorized deserialization of untrusted data in McAfee DBSec |
| CVE-2021-23896 | 2021-06-02 | Cleartext Transmission of Sensitive Information in McAfee DBSec |
| CVE-2020-35514 | 2021-06-02 | An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access... |
| CVE-2020-35510 | 2021-06-02 | A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes... |
| CVE-2020-35503 | 2021-06-02 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback... |