CVE List - 2021 / June
Showing 301 - 400 of 1691 CVEs for June 2021 (Page 4 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-30522 | 2021-06-07 | Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30523 | 2021-06-07 | Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. |
| CVE-2021-30524 | 2021-06-07 | Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30525 | 2021-06-07 | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30526 | 2021-06-07 | Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds... |
| CVE-2021-30527 | 2021-06-07 | Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30529 | 2021-06-07 | Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-30530 | 2021-06-07 | Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
| CVE-2021-30531 | 2021-06-07 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2021-30532 | 2021-06-07 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2021-30534 | 2021-06-07 | Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-30533 | 2021-06-07 | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. |
| CVE-2021-30535 | 2021-06-07 | Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30536 | 2021-06-07 | Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. |
| CVE-2021-30537 | 2021-06-07 | Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. |
| CVE-2021-30538 | 2021-06-07 | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2021-30539 | 2021-06-07 | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2021-30540 | 2021-06-07 | Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2021-30542 | 2021-06-07 | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2021-30543 | 2021-06-07 | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2020-1690 | 2021-06-07 | An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or... |
| CVE-2020-1742 | 2021-06-07 | An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions... |
| CVE-2020-1750 | 2021-06-07 | A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw... |
| CVE-2020-25716 | 2021-06-07 | A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted... |
| CVE-2021-20259 | 2021-06-07 | A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from... |
| CVE-2021-23391 | 2021-06-07 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2021-29504 | 2021-06-07 | Improper Certificate Validation in WP-CLI framework |
| CVE-2021-3277 | 2021-06-07 | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by... |
| CVE-2021-32670 | 2021-06-07 | Reflected cross-site scripting issue in Datasette |
| CVE-2021-32671 | 2021-06-07 | XSS vulnerability with translator |
| CVE-2021-26078 | 2021-06-07 | The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote... |
| CVE-2021-26080 | 2021-06-07 | EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML... |
| CVE-2021-26079 | 2021-06-07 | The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to... |
| CVE-2021-23169 | 2021-06-08 | A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the... |
| CVE-2021-23215 | 2021-06-08 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled... |
| CVE-2021-26260 | 2021-06-08 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled... |
| CVE-2021-31807 | 2021-06-08 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP... |
| CVE-2021-33560 | 2021-06-08 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.... |
| CVE-2021-33571 | 2021-06-08 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass... |
| CVE-2021-28810 | 2021-06-08 | Vulnerability in Roon Server |
| CVE-2021-28811 | 2021-06-08 | Vulnerability in Roon Server |
| CVE-2021-23392 | 2021-06-08 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-31738 | 2021-06-08 | Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. |
| CVE-2021-22116 | 2021-06-08 | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit... |
| CVE-2021-26945 | 2021-06-08 | An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. |
| CVE-2021-3564 | 2021-06-08 | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use... |
| CVE-2021-22212 | 2021-06-08 | ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load... |
| CVE-2020-26516 | 2021-06-08 | A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be... |
| CVE-2021-32106 | 2021-06-08 | In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get... |
| CVE-2020-26517 | 2021-06-08 | A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to... |
| CVE-2020-26515 | 2021-06-08 | An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to... |
| CVE-2021-22548 | 2021-06-08 | Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall |
| CVE-2021-22549 | 2021-06-08 | Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall |
| CVE-2021-22550 | 2021-06-08 | Enclave memory overwrite/overread vulnerability in Asylo UntrustedCacheMalloc::GetBuffer |
| CVE-2021-30357 | 2021-06-08 | SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not... |
| CVE-2021-34280 | 2021-06-08 | Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted... |
| CVE-2021-33175 | 2021-06-08 | EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These... |
| CVE-2021-33176 | 2021-06-08 | VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These... |
| CVE-2021-22214 | 2021-06-08 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an... |
| CVE-2021-22218 | 2021-06-08 | All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue... |
| CVE-2021-33190 | 2021-06-08 | Bypass network access control |
| CVE-2021-22215 | 2021-06-08 | An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects |
| CVE-2021-32015 | 2021-06-08 | In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1... |
| CVE-2021-32673 | 2021-06-08 | Remote Command Execution in reg-keygen-git-hash-plugin |
| CVE-2020-26138 | 2021-06-08 | In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. |
| CVE-2021-32674 | 2021-06-08 | Remote Code Execution via traversal in TAL expressions |
| CVE-2021-33203 | 2021-06-08 | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary... |
| CVE-2020-25817 | 2021-06-08 | SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this... |
| CVE-2021-28293 | 2021-06-08 | Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password... |
| CVE-2021-22213 | 2021-06-08 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to... |
| CVE-2021-21558 | 2021-06-08 | Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP... |
| CVE-2021-21559 | 2021-06-08 | Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in... |
| CVE-2021-22217 | 2021-06-08 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or... |
| CVE-2021-32658 | 2021-06-08 | Sensitive data may not be removed from storage on account removal |
| CVE-2021-26471 | 2021-06-08 | Unauthenticated remote command execution in Vembu products |
| CVE-2021-26472 | 2021-06-08 | Unauthenticated remote command execution with SYSTEM privileges in Vembu products |
| CVE-2021-22219 | 2021-06-08 | All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user... |
| CVE-2021-26473 | 2021-06-08 | Unauthenticated arbitrary file upload and command execution in Vembu products |
| CVE-2021-26474 | 2021-06-08 | UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS |
| CVE-2021-22221 | 2021-06-08 | An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient... |
| CVE-2020-28713 | 2021-06-08 | Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote... |
| CVE-2021-22220 | 2021-06-08 | An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. |
| CVE-2021-22216 | 2021-06-08 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or... |
| CVE-2020-26136 | 2021-06-08 | In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. |
| CVE-2021-27387 | 2021-06-08 | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when... |
| CVE-2021-27390 | 2021-06-08 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when... |
| CVE-2021-27399 | 2021-06-08 | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when... |
| CVE-2021-31340 | 2021-06-08 | A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1... |
| CVE-2021-31342 | 2021-06-08 | The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT... |
| CVE-2021-31343 | 2021-06-08 | The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT... |
| CVE-2021-33712 | 2021-06-08 | A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an... |
| CVE-2021-26414 | 2021-06-08 | Windows DCOM Server Security Feature Bypass |
| CVE-2021-1675 | 2021-06-08 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-26420 | 2021-06-08 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-31199 | 2021-06-08 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31201 | 2021-06-08 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31938 | 2021-06-08 | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability |
| CVE-2021-31939 | 2021-06-08 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-31940 | 2021-06-08 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2021-31941 | 2021-06-08 | Microsoft Office Graphics Remote Code Execution Vulnerability |