CVE List - 2021 / June
Showing 1101 - 1200 of 1691 CVEs for June 2021 (Page 12 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33820 | 2021-06-18 | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. Then the web... |
| CVE-2021-33818 | 2021-06-18 | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the... |
| CVE-2021-33822 | 2021-06-18 | An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the packet to... |
| CVE-2021-33823 | 2021-06-18 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. Then the... |
| CVE-2021-33824 | 2021-06-18 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the... |
| CVE-2021-32696 | 2021-06-18 | Passing in a non-string 'html' argument can lead to unsanitized output |
| CVE-2021-21282 | 2021-06-18 | Buffer overflow in RPL source routing header processing |
| CVE-2021-21281 | 2021-06-18 | Buffer overflow due to unvalidated TCP data offset |
| CVE-2021-21280 | 2021-06-18 | Out-of-bounds write when processing 6LoWPAN extension headers |
| CVE-2021-21279 | 2021-06-18 | Infinite loop in IPv6 neighbor solicitation processing |
| CVE-2021-21257 | 2021-06-18 | Out-of-bounds write in RPL-Classic and RPL-Lite |
| CVE-2021-21410 | 2021-06-18 | Out-of-bounds read in the 6LoWPAN implementation |
| CVE-2021-33186 | 2021-06-18 | SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. |
| CVE-2021-33185 | 2021-06-18 | SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. |
| CVE-2021-31664 | 2021-06-18 | RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. |
| CVE-2021-31663 | 2021-06-18 | RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. |
| CVE-2021-31662 | 2021-06-18 | RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. |
| CVE-2021-31661 | 2021-06-18 | RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. |
| CVE-2021-31272 | 2021-06-18 | SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. |
| CVE-2021-31660 | 2021-06-18 | RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. |
| CVE-2021-24368 | 2021-06-20 | Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24370 | 2021-06-21 | Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE |
| CVE-2021-29063 | 2021-06-21 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. |
| CVE-2020-20466 | 2021-06-21 | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. |
| CVE-2020-20467 | 2021-06-21 | White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. |
| CVE-2020-20468 | 2021-06-21 | White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. |
| CVE-2020-20469 | 2021-06-21 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to... |
| CVE-2020-20470 | 2021-06-21 | White Shark System (WSS) 1.3.2 has a web site physical path leakage vulnerability. |
| CVE-2020-20471 | 2021-06-21 | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. |
| CVE-2020-20472 | 2021-06-21 | White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of... |
| CVE-2020-20473 | 2021-06-21 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the... |
| CVE-2020-20474 | 2021-06-21 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to... |
| CVE-2021-31769 | 2021-06-21 | MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file"... |
| CVE-2021-33572 | 2021-06-21 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-29337 | 2021-06-21 | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for... |
| CVE-2021-28684 | 2021-06-21 | The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). |
| CVE-2021-28833 | 2021-06-21 | Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. |
| CVE-2020-22390 | 2021-06-21 | Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the... |
| CVE-2018-25016 | 2021-06-21 | Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. |
| CVE-2019-25047 | 2021-06-21 | Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. |
| CVE-2020-21517 | 2021-06-21 | Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. |
| CVE-2020-21130 | 2021-06-21 | Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. |
| CVE-2021-29060 | 2021-06-21 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. |
| CVE-2021-29059 | 2021-06-21 | A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted... |
| CVE-2021-0513 | 2021-06-21 | In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with... |
| CVE-2021-0478 | 2021-06-21 | In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the... |
| CVE-2021-0512 | 2021-06-21 | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0523 | 2021-06-21 | In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with... |
| CVE-2021-0522 | 2021-06-21 | In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-0521 | 2021-06-21 | In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution... |
| CVE-2021-0520 | 2021-06-21 | In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no... |
| CVE-2021-0508 | 2021-06-21 | In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0509 | 2021-06-21 | In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0510 | 2021-06-21 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0511 | 2021-06-21 | In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no... |
| CVE-2021-0517 | 2021-06-21 | In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur... |
| CVE-2021-0504 | 2021-06-21 | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional... |
| CVE-2021-0505 | 2021-06-21 | In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2021-0516 | 2021-06-21 | In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no... |
| CVE-2021-0507 | 2021-06-21 | In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional... |
| CVE-2021-0506 | 2021-06-21 | In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2021-0525 | 2021-06-21 | In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0527 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0533 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0526 | 2021-06-21 | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0528 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0529 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2021-0531 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0530 | 2021-06-21 | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0532 | 2021-06-21 | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-26461 | 2021-06-21 | malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds |
| CVE-2020-19510 | 2021-06-21 | Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. |
| CVE-2020-19511 | 2021-06-21 | Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes. |
| CVE-2021-32697 | 2021-06-21 | Form validation can be skipped |
| CVE-2021-21422 | 2021-06-21 | XSS Vulnerability in mongo-express |
| CVE-2021-35066 | 2021-06-21 | An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. |
| CVE-2021-24338 | 2021-06-21 | Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24339 | 2021-06-21 | Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24361 | 2021-06-21 | GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections |
| CVE-2021-24364 | 2021-06-21 | Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24366 | 2021-06-21 | Admin Columns Free < 4.3 & Pro < 5.5.1 - Admin+ Stored XSS in Label |
| CVE-2021-24367 | 2021-06-21 | WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24369 | 2021-06-21 | GetPaid < 2.3.4 - Authenticated Stored XSS |
| CVE-2021-24372 | 2021-06-21 | WP Hardening < 1.2.2 - Reflected XSS via URI |
| CVE-2021-24373 | 2021-06-21 | WP Hardening < 1.2.2 - Reflected XSS via historyvalue |
| CVE-2021-24374 | 2021-06-21 | Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak |
| CVE-2021-24376 | 2021-06-21 | Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings" |
| CVE-2021-24377 | 2021-06-21 | Autoptimize < 2.7.8 - Race Condition leading to RCE |
| CVE-2021-24378 | 2021-06-21 | Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload |
| CVE-2021-24379 | 2021-06-21 | Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass |
| CVE-2021-24383 | 2021-06-21 | WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2020-27511 | 2021-06-21 | An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. |
| CVE-2021-29061 | 2021-06-21 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. |
| CVE-2021-32698 | 2021-06-21 | Blind Server-Side Request Forgery (SSRF) in eLabFTW |
| CVE-2021-34386 | 2021-06-21 | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size to overflow, which... |
| CVE-2021-34387 | 2021-06-21 | The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK... |
| CVE-2021-34388 | 2021-06-21 | Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service... |
| CVE-2021-34389 | 2021-06-21 | Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious... |
| CVE-2010-1432 | 2021-06-21 | Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging... |
| CVE-2010-1433 | 2021-06-21 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload... |