CVE List - 2021 / June
Showing 1401 - 1500 of 1691 CVEs for June 2021 (Page 15 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33346 | 2021-06-24 | There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. |
| CVE-2020-18663 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. |
| CVE-2021-31649 | 2021-06-24 | In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute |
| CVE-2020-21783 | 2021-06-24 | In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. |
| CVE-2020-21786 | 2021-06-24 | In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. |
| CVE-2020-21785 | 2021-06-24 | In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. |
| CVE-2020-18664 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn. |
| CVE-2020-21784 | 2021-06-24 | phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. |
| CVE-2020-18665 | 2021-06-24 | Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. |
| CVE-2020-18667 | 2021-06-24 | SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. |
| CVE-2021-32704 | 2021-06-24 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in dhis2-core |
| CVE-2021-32708 | 2021-06-24 | Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem |
| CVE-2021-21571 | 2021-06-24 | Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability... |
| CVE-2021-21572 | 2021-06-24 | Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass... |
| CVE-2021-21573 | 2021-06-24 | Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass... |
| CVE-2021-21574 | 2021-06-24 | Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass... |
| CVE-2021-33000 | 2021-06-24 | Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI... |
| CVE-2021-33004 | 2021-06-24 | The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction... |
| CVE-2020-18668 | 2021-06-24 | Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls. |
| CVE-2021-33002 | 2021-06-24 | Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions... |
| CVE-2021-3500 | 2021-06-24 | A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. |
| CVE-2020-18670 | 2021-06-24 | Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. |
| CVE-2021-32491 | 2021-06-24 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. |
| CVE-2020-18671 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. |
| CVE-2021-32490 | 2021-06-24 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. |
| CVE-2021-32492 | 2021-06-24 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. |
| CVE-2021-32493 | 2021-06-24 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. |
| CVE-2020-4885 | 2021-06-24 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition... |
| CVE-2020-4945 | 2021-06-24 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. |
| CVE-2021-20579 | 2021-06-24 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function... |
| CVE-2021-29703 | 2021-06-24 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM... |
| CVE-2021-29777 | 2021-06-24 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another... |
| CVE-2021-32709 | 2021-06-24 | Creation of order credits was not validated by acl in admin orders |
| CVE-2020-17759 | 2021-06-24 | An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on... |
| CVE-2020-17753 | 2021-06-24 | An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address. |
| CVE-2020-17752 | 2021-06-24 | Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON). |
| CVE-2021-35448 | 2021-06-24 | Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local... |
| CVE-2021-32710 | 2021-06-24 | Potential Session Hijacking in Shopware |
| CVE-2021-32711 | 2021-06-24 | Leak of information via Store-API |
| CVE-2021-32713 | 2021-06-24 | Authenticated Stored XSS |
| CVE-2021-32712 | 2021-06-24 | Information leakage in Error Handler |
| CVE-2021-32716 | 2021-06-24 | Internal hidden fields are visible on to many associations in admin api |
| CVE-2021-32717 | 2021-06-24 | Private files publicly accessible with Cloud Storage providers |
| CVE-2021-33895 | 2021-06-25 | ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system... |
| CVE-2021-34427 | 2021-06-25 | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP... |
| CVE-2021-35475 | 2021-06-25 | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. |
| CVE-2021-35048 | 2021-06-25 | Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception |
| CVE-2021-35047 | 2021-06-25 | Privileged Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2021-35050 | 2021-06-25 | User Credentials Stored in a Recoverable Format within Fidelis Network and Deception |
| CVE-2021-35049 | 2021-06-25 | Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2021-28958 | 2021-06-25 | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. |
| CVE-2021-31615 | 2021-06-25 | Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening... |
| CVE-2020-26801 | 2021-06-25 | A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted... |
| CVE-2021-27040 | 2021-06-25 | A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. |
| CVE-2021-27041 | 2021-06-25 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code |
| CVE-2021-27042 | 2021-06-25 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG... |
| CVE-2021-27043 | 2021-06-25 | An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the... |
| CVE-2021-34185 | 2021-06-25 | Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h |
| CVE-2021-34184 | 2021-06-25 | Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. |
| CVE-2021-34074 | 2021-06-25 | PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. |
| CVE-2021-35501 | 2021-06-25 | PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will... |
| CVE-2021-3314 | 2021-06-25 | Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back... |
| CVE-2021-32702 | 2021-06-25 | Reflected XSS from the callback handler's error query parameter |
| CVE-2020-4609 | 2021-06-25 | IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute... |
| CVE-2020-4610 | 2021-06-25 | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. |
| CVE-2021-20583 | 2021-06-25 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. IBM X-Force ID:... |
| CVE-2021-29676 | 2021-06-25 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit... |
| CVE-2021-29677 | 2021-06-25 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2021-21002 | 2021-06-25 | Denial of Service in Phoenix Contact FL COMSERVER UNI products |
| CVE-2021-21003 | 2021-06-25 | Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products |
| CVE-2021-21004 | 2021-06-25 | Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products |
| CVE-2021-21005 | 2021-06-25 | Race Condition Vulnerability in Phoenix Contact FL SWITCH SMCS series products |
| CVE-2021-33528 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability |
| CVE-2021-33529 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability |
| CVE-2021-33530 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability |
| CVE-2021-33531 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability |
| CVE-2021-33532 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability |
| CVE-2021-33533 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability |
| CVE-2021-33534 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability |
| CVE-2021-33535 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability |
| CVE-2021-33536 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability |
| CVE-2021-33537 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability |
| CVE-2021-33538 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by improper access control vulnerability |
| CVE-2021-33539 | 2021-06-25 | WEIDMUELLER: WLAN devices affected by authentication bypass vulnerability |
| CVE-2021-33540 | 2021-06-25 | Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices |
| CVE-2021-33541 | 2021-06-25 | Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability |
| CVE-2021-33542 | 2021-06-25 | Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability |
| CVE-2021-1073 | 2021-06-25 | NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same... |
| CVE-2021-25654 | 2021-06-25 | Avaya Aura Device Services Arbitrary Code Execution Vulnerability |
| CVE-2021-35502 | 2021-06-25 | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. |
| CVE-2021-35513 | 2021-06-27 | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. |
| CVE-2021-20740 | 2021-06-28 | Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions... |
| CVE-2021-20745 | 2021-06-28 | Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe... |
| CVE-2021-20746 | 2021-06-28 | Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20749 | 2021-06-28 | Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated... |
| CVE-2021-20750 | 2021-06-28 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by... |
| CVE-2021-20751 | 2021-06-28 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a... |
| CVE-2021-23399 | 2021-06-28 | Arbitrary Command Injection |
| CVE-2021-20099 | 2021-06-28 | Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the... |
| CVE-2021-20100 | 2021-06-28 | Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the... |