CVE List - 2021 / June
Showing 1301 - 1400 of 1691 CVEs for June 2021 (Page 14 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-34391 | 2021-06-22 | Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered... |
| CVE-2021-34392 | 2021-06-22 | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. |
| CVE-2021-34393 | 2021-06-22 | Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit... |
| CVE-2021-34394 | 2021-06-22 | Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is... |
| CVE-2021-34395 | 2021-06-22 | Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to... |
| CVE-2021-34396 | 2021-06-22 | Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. |
| CVE-2021-34397 | 2021-06-22 | Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. |
| CVE-2021-35210 | 2021-06-23 | Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the... |
| CVE-2021-29086 | 2021-06-23 | Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2021-27649 | 2021-06-23 | Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2021-29087 | 2021-06-23 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via... |
| CVE-2021-29085 | 2021-06-23 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to... |
| CVE-2021-29084 | 2021-06-23 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers... |
| CVE-2021-21998 | 2021-06-23 | VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon... |
| CVE-2021-21999 | 2021-06-23 | VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103)... |
| CVE-2021-31585 | 2021-06-23 | Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. |
| CVE-2021-31586 | 2021-06-23 | Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. |
| CVE-2021-28976 | 2021-06-23 | Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. |
| CVE-2021-28977 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, |
| CVE-2021-35438 | 2021-06-23 | phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. |
| CVE-2020-20389 | 2021-06-23 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. |
| CVE-2020-20391 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. |
| CVE-2020-20392 | 2021-06-23 | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. |
| CVE-2021-33624 | 2021-06-23 | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via... |
| CVE-2021-29620 | 2021-06-23 | XXE vulnerability on Launch import with externally-defined DTD file |
| CVE-2020-23962 | 2021-06-23 | A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter. |
| CVE-2020-18657 | 2021-06-23 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. |
| CVE-2020-18658 | 2021-06-23 | Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. |
| CVE-2020-18659 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php |
| CVE-2020-18660 | 2021-06-23 | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. |
| CVE-2021-21809 | 2021-06-23 | A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have... |
| CVE-2021-20019 | 2021-06-23 | A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. |
| CVE-2021-34067 | 2021-06-23 | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. |
| CVE-2021-34068 | 2021-06-23 | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. |
| CVE-2021-34069 | 2021-06-23 | Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. |
| CVE-2021-34070 | 2021-06-23 | Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. |
| CVE-2021-34071 | 2021-06-23 | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. |
| CVE-2021-2322 | 2021-06-23 | Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful... |
| CVE-2021-32823 | 2021-06-23 | Potential Denial-of-Service in bindata |
| CVE-2021-35041 | 2021-06-23 | The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet... |
| CVE-2021-28800 | 2021-06-24 | Command Injection Vulnerability in QTS |
| CVE-2021-25649 | 2021-06-24 | Avaya Utility Services Sensitive Information Disclosure Vulnerability |
| CVE-2021-25650 | 2021-06-24 | Avaya Aura Utility Services Privilege Escalation Vulnerability |
| CVE-2021-25651 | 2021-06-24 | Avaya Aura Utility Services Privilege Escalation Vulnerability |
| CVE-2021-25652 | 2021-06-24 | Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability |
| CVE-2021-25653 | 2021-06-24 | Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability |
| CVE-2021-25655 | 2021-06-24 | URL redirection to untrusted site possible in Avaya Aura Experience Portal |
| CVE-2021-25656 | 2021-06-24 | Avaya Aura Experience Portal XSS vulnerabilities |
| CVE-2020-7862 | 2021-06-24 | HelpU Overflow Vulnerability |
| CVE-2021-21737 | 2021-06-24 | A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with... |
| CVE-2021-25923 | 2021-06-24 | In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the... |
| CVE-2021-26585 | 2021-06-24 | A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView... |
| CVE-2021-33604 | 2021-06-24 | Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 |
| CVE-2021-31412 | 2021-06-24 | Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 |
| CVE-2020-28097 | 2021-06-24 | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. |
| CVE-2021-29968 | 2021-06-24 | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability... |
| CVE-2021-29967 | 2021-06-24 | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
| CVE-2021-29966 | 2021-06-24 | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2021-29965 | 2021-06-24 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website... |
| CVE-2021-29964 | 2021-06-24 | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*.... |
| CVE-2021-29963 | 2021-06-24 | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects... |
| CVE-2021-29962 | 2021-06-24 | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects... |
| CVE-2021-29961 | 2021-06-24 | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. |
| CVE-2021-29960 | 2021-06-24 | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques... |
| CVE-2021-29959 | 2021-06-24 | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This... |
| CVE-2021-29958 | 2021-06-24 | When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing... |
| CVE-2021-29957 | 2021-06-24 | If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the... |
| CVE-2021-29956 | 2021-06-24 | OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those... |
| CVE-2021-29955 | 2021-06-24 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability,... |
| CVE-2021-29954 | 2021-06-24 | Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. |
| CVE-2021-29953 | 2021-06-24 | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This... |
| CVE-2021-29952 | 2021-06-24 | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This... |
| CVE-2021-29951 | 2021-06-24 | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to... |
| CVE-2021-29950 | 2021-06-24 | Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain... |
| CVE-2021-29949 | 2021-06-24 | When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has... |
| CVE-2021-29948 | 2021-06-24 | Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This... |
| CVE-2021-29947 | 2021-06-24 | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2021-29946 | 2021-06-24 | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects... |
| CVE-2021-29945 | 2021-06-24 | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms.... |
| CVE-2021-29944 | 2021-06-24 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This... |
| CVE-2021-24002 | 2021-06-24 | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent... |
| CVE-2021-24001 | 2021-06-24 | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability... |
| CVE-2021-24000 | 2021-06-24 | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain... |
| CVE-2021-23999 | 2021-06-24 | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to... |
| CVE-2021-23998 | 2021-06-24 | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10,... |
| CVE-2021-23997 | 2021-06-24 | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run... |
| CVE-2021-23996 | 2021-06-24 | By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or... |
| CVE-2021-23995 | 2021-06-24 | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code.... |
| CVE-2021-23994 | 2021-06-24 | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox... |
| CVE-2021-23993 | 2021-06-24 | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that... |
| CVE-2021-23992 | 2021-06-24 | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by... |
| CVE-2021-23991 | 2021-06-24 | If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an... |
| CVE-2021-27658 | 2021-06-24 | exacqVision Enterprise Manager CSS |
| CVE-2021-27659 | 2021-06-24 | exacqVision Web Service CSS |
| CVE-2021-33348 | 2021-06-24 | An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities... |
| CVE-2020-21788 | 2021-06-24 | In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. |
| CVE-2020-21787 | 2021-06-24 | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. |
| CVE-2020-18661 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. |
| CVE-2021-23398 | 2021-06-24 | Cross-site Scripting (XSS) |
| CVE-2020-18662 | 2021-06-24 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. |