CVE List - 2021 / June

Showing 201 - 300 of 1691 CVEs for June 2021 (Page 3 of 17)

CVE ID Date Title
CVE-2021-33840 2021-06-03 The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital...
CVE-2021-33839 2021-06-03 Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR...
CVE-2021-33838 2021-06-03 Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration.
CVE-2021-30475 2021-06-04 aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVE-2021-3489 2021-06-04 Linux kernel eBPF RINGBUF map oversized allocation
CVE-2021-3490 2021-06-04 Linux kernel eBPF bitwise ops ALU32 bounds tracking
CVE-2021-3491 2021-06-04 Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
CVE-2020-15077 2021-06-04 OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to...
CVE-2020-36382 2021-06-04 OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user...
CVE-2021-26994 2021-06-04 Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
CVE-2021-3565 2021-06-04 A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap...
CVE-2020-7469 2021-06-04 In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet...
CVE-2021-22516 2021-06-04 Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log...
CVE-2020-27301 2021-06-04 A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted...
CVE-2020-27302 2021-06-04 A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted...
CVE-2021-27657 2021-06-04 Metasys Improper Privilege Management
CVE-2021-28091 2021-06-04 Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
CVE-2021-33054 2021-06-04 SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could...
CVE-2020-36142 2021-06-04 BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl' parameter.
CVE-2020-36141 2021-06-04 BloofoxCMS 0.5.2.1 allows unrestricted file upload by bypassing MIME type validation, inserting 'image/jpeg' within the 'Content-Type' header.
CVE-2020-36140 2021-06-04 BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
CVE-2020-36139 2021-06-04 BloofoxCMS 0.5.2.1 allows reflected Cross-Site Scripting (XSS) by inserting an XSS payload within the 'fileurl' parameter.
CVE-2021-1502 2021-06-04 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
CVE-2021-1503 2021-06-04 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
CVE-2021-1517 2021-06-04 Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability
CVE-2021-1525 2021-06-04 Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability
CVE-2021-1526 2021-06-04 Cisco Webex Player Memory Corruption Vulnerability
CVE-2021-1527 2021-06-04 Cisco Webex Player Memory Corruption Vulnerability
CVE-2021-1528 2021-06-04 Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2021-1536 2021-06-04 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
CVE-2021-1537 2021-06-04 Cisco ThousandEyes Recorder Information Disclosure Vulnerability
CVE-2021-1538 2021-06-04 Cisco Common Services Platform Collector Command Injection Vulnerability
CVE-2021-1539 2021-06-04 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
CVE-2021-1540 2021-06-04 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
CVE-2021-1544 2021-06-04 Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability
CVE-2021-1563 2021-06-04 Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery Protocol Memory Leak Vulnerabilities
CVE-2021-1564 2021-06-04 Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery Protocol Memory Leak Vulnerabilities
CVE-2021-30506 2021-06-04 Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts...
CVE-2021-30507 2021-06-04 Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML...
CVE-2021-30508 2021-06-04 Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption...
CVE-2021-30509 2021-06-04 Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of...
CVE-2021-30510 2021-06-04 Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30511 2021-06-04 Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of...
CVE-2021-30512 2021-06-04 Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML...
CVE-2021-30513 2021-06-04 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30514 2021-06-04 Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML...
CVE-2021-30515 2021-06-04 Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30516 2021-06-04 Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML...
CVE-2021-30517 2021-06-04 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30518 2021-06-04 Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30519 2021-06-04 Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via...
CVE-2021-30520 2021-06-04 Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via...
CVE-2020-29322 2021-06-04 The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to...
CVE-2020-29323 2021-06-04 The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and...
CVE-2020-29324 2021-06-04 The D-Link router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and...
CVE-2020-29321 2021-06-04 The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to...
CVE-2021-29500 2021-06-04 Missing validation of JWT signature
CVE-2021-26928 2021-06-04 BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations,...
CVE-2021-31252 2021-06-04 An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a...
CVE-2021-31251 2021-06-04 An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by...
CVE-2021-31250 2021-06-04 Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components...
CVE-2021-31249 2021-06-04 A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on...
CVE-2021-32641 2021-06-04 Reflected XSS when using flashMessages
CVE-2021-32198 2021-06-06 EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which...
CVE-2021-31701 2021-06-06 Mintty before 3.4.7 mishandles Bracketed Paste Mode.
CVE-2021-33880 2021-06-06 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess...
CVE-2021-33881 2021-06-06 On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The...
CVE-2021-33879 2021-06-06 Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package,...
CVE-2017-20005 2021-06-06 NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or...
CVE-2021-33898 2021-06-06 In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result...
CVE-2020-36385 2021-06-07 An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called,...
CVE-2021-30528 2021-06-07 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a...
CVE-2020-26885 2021-06-07 An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript...
CVE-2021-28382 2021-06-07 Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
CVE-2020-36384 2021-06-07 PageLayer before 1.3.5 allows reflected XSS via color settings.
CVE-2020-36383 2021-06-07 PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.
CVE-2021-24336 2021-06-07 FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection
CVE-2021-24337 2021-06-07 Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
CVE-2021-24340 2021-06-07 WP Statistics < 13.0.8 - Unauthenticated SQL Injection
CVE-2021-24342 2021-06-07 JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
CVE-2021-24343 2021-06-07 iFlyChat – WordPress Chat < 4.7.0 - Admin+ Stored Cross-Site Scripting (XSS)
CVE-2021-24344 2021-06-07 Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
CVE-2021-33904 2021-06-07 In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them...
CVE-2021-29099 2021-06-07 There is a SQL injection vulnerability in ArcGIS Server
CVE-2021-22222 2021-06-07 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
CVE-2021-20698 2021-06-07 Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and...
CVE-2021-20699 2021-06-07 Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and...
CVE-2020-5008 2021-06-07 IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the...
CVE-2021-20517 2021-06-07 IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences...
CVE-2020-1719 2021-06-07 A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to...
CVE-2021-33896 2021-06-07 Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
CVE-2020-18264 2021-06-07 Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
CVE-2020-18265 2021-06-07 Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
CVE-2020-18268 2021-06-07 Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
CVE-2021-29621 2021-06-07 Observable Response Discrepancy in Flask-AppBuilder
CVE-2019-25045 2021-06-07 An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
CVE-2020-36387 2021-06-07 An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.
CVE-2020-36386 2021-06-07 An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
CVE-2018-25015 2021-06-07 An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVE-2021-30521 2021-06-07 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.