CVE List - 2021 / June
Showing 1501 - 1600 of 1691 CVEs for June 2021 (Page 16 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-32496 | 2021-06-28 | SICK Visionary-S CX up to version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of... |
| CVE-2021-35514 | 2021-06-28 | Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. |
| CVE-2021-29157 | 2021-06-28 | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This... |
| CVE-2021-33515 | 2021-06-28 | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. |
| CVE-2020-28200 | 2021-06-28 | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. |
| CVE-2021-31337 | 2021-06-28 | The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device... |
| CVE-2020-15303 | 2021-06-28 | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. |
| CVE-2021-21083 | 2021-06-28 | Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service |
| CVE-2021-21101 | 2021-06-28 | Adobe Illustrator TTF font parsing out-of-bounds write vulnerability could lead to remote code execution |
| CVE-2021-21098 | 2021-06-28 | Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution |
| CVE-2021-28556 | 2021-06-28 | Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary JavaScript execution |
| CVE-2021-21099 | 2021-06-28 | Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution |
| CVE-2021-28563 | 2021-06-28 | Magento Commerce improper Authorization via the 'Create Customer' endpoint |
| CVE-2021-21090 | 2021-06-28 | Adobe InCopy DOCX file parsing directory traversal vulnerability could lead to remote code execution |
| CVE-2021-21102 | 2021-06-28 | Adobe Illustrator DOCX file parsing directory traversal vulnerability could lead to remote code execution |
| CVE-2021-28562 | 2021-06-28 | Adobe Acrobat Reader use-after-free could lead to arbitrary code execution |
| CVE-2021-28573 | 2021-06-28 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure |
| CVE-2021-28583 | 2021-06-28 | Magento Commerce insecure storage of sensitive documentation |
| CVE-2021-28575 | 2021-06-28 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure |
| CVE-2021-28585 | 2021-06-28 | Magento Commerce improper input validation in customer webapi |
| CVE-2021-28587 | 2021-06-28 | Adobe After Effects TIF file parsing out-of-bounds read information disclosure vulnerability |
| CVE-2021-28576 | 2021-06-28 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure |
| CVE-2021-28570 | 2021-06-28 | Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution |
| CVE-2021-28584 | 2021-06-28 | Magento Commerce path traversal vulnerability in child theme store creation |
| CVE-2021-28574 | 2021-06-28 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure |
| CVE-2021-28586 | 2021-06-28 | Adobe After Effects PDF file parsing out-of-bounds write could lead to remote code execution vulnerability |
| CVE-2021-21084 | 2021-06-28 | Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution |
| CVE-2021-28579 | 2021-06-28 | Adobe Connect improper access control could lead to privilege escalation |
| CVE-2021-28588 | 2021-06-28 | Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability |
| CVE-2021-28597 | 2021-06-28 | Adobe Photoshop Elements Privilege Escalation Vulnerability - symbolic link |
| CVE-2021-28623 | 2021-06-28 | Adobe Premiere Elements Privilege Escalation Vulnerability |
| CVE-2021-35456 | 2021-06-28 | Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload |
| CVE-2021-32718 | 2021-06-28 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI |
| CVE-2020-23710 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. |
| CVE-2021-32719 | 2021-06-28 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin |
| CVE-2021-34254 | 2021-06-28 | Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient URL sanitization on booting.aspx. |
| CVE-2021-34187 | 2021-06-28 | main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. |
| CVE-2021-20413 | 2021-06-28 | IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2021-29693 | 2021-06-28 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability... |
| CVE-2021-29751 | 2021-06-28 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault... |
| CVE-2021-29775 | 2021-06-28 | IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code... |
| CVE-2020-23711 | 2021-06-28 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. |
| CVE-2021-20494 | 2021-06-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticated user could overflow the buffer and cause the... |
| CVE-2021-20572 | 2021-06-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the... |
| CVE-2021-20573 | 2021-06-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the... |
| CVE-2021-20574 | 2021-06-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this... |
| CVE-2021-35523 | 2021-06-28 | Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration... |
| CVE-2020-23715 | 2021-06-28 | Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. |
| CVE-2020-20640 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of... |
| CVE-2021-35525 | 2021-06-28 | PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this... |
| CVE-2020-22607 | 2021-06-28 | Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php. |
| CVE-2020-22608 | 2021-06-28 | Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. |
| CVE-2020-22609 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. |
| CVE-2021-32720 | 2021-06-28 | List of order ids, number, items total and token value exposed for unauthorized uses via new API |
| CVE-2021-35303 | 2021-06-28 | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. |
| CVE-2021-35302 | 2021-06-28 | Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. |
| CVE-2021-35301 | 2021-06-28 | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. |
| CVE-2021-35300 | 2021-06-28 | Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page. |
| CVE-2021-35299 | 2021-06-28 | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. |
| CVE-2021-35298 | 2021-06-28 | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store... |
| CVE-2020-21142 | 2021-06-28 | Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi. |
| CVE-2021-32723 | 2021-06-28 | Regular Expression Denial of Service (ReDoS) in Prism |
| CVE-2021-32722 | 2021-06-28 | Uncontrolled Resource Consumption in GlobalNewFiles |
| CVE-2021-1134 | 2021-06-29 | Cisco DNA Center Certificate Validation Vulnerability |
| CVE-2021-31838 | 2021-06-29 | Command injection through environment variable in MVISION EDR |
| CVE-2021-33503 | 2021-06-29 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a... |
| CVE-2021-34548 | 2021-06-29 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. |
| CVE-2021-34549 | 2021-06-29 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit... |
| CVE-2021-34550 | 2021-06-29 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor. |
| CVE-2021-28690 | 2021-06-29 | x86: TSX Async Abort protections not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX... |
| CVE-2021-28691 | 2021-06-29 | Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue... |
| CVE-2021-23400 | 2021-06-29 | HTTP Header Injection |
| CVE-2021-27577 | 2021-06-29 | Incorrect handling of URL fragment leads to cache poisoning |
| CVE-2021-32565 | 2021-06-29 | HTTP Request Smuggling, content length with invalid characters |
| CVE-2021-22545 | 2021-06-29 | Use-after-free in BinDiff |
| CVE-2020-7871 | 2021-06-29 | A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions... |
| CVE-2021-31160 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |
| CVE-2021-31530 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. |
| CVE-2021-31531 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2020-7870 | 2021-06-29 | A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. |
| CVE-2021-34824 | 2021-06-29 | Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. |
| CVE-2020-7868 | 2021-06-29 | Helpu remote code execution vulnerability |
| CVE-2020-7869 | 2021-06-29 | An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to... |
| CVE-2021-31505 | 2021-06-29 | This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2021-31506 | 2021-06-29 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31507 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31508 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31509 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-31510 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31511 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31512 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31513 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31514 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2021-31515 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in... |
| CVE-2021-31516 | 2021-06-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in... |
| CVE-2021-29479 | 2021-06-29 | Cached redirect poisoning via X-Forwarded-Host header |
| CVE-2021-32990 | 2021-06-29 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. |
| CVE-2021-32992 | 2021-06-29 | FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code. |
| CVE-2021-32988 | 2021-06-29 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. |
| CVE-2021-21871 | 2021-06-29 | A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide... |