CVE List - 2021 / June
Showing 801 - 900 of 1691 CVEs for June 2021 (Page 9 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-22912 | 2021-06-11 | Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a... |
| CVE-2021-22913 | 2021-06-11 | Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a... |
| CVE-2021-22895 | 2021-06-11 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. |
| CVE-2021-22896 | 2021-06-11 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. |
| CVE-2021-22897 | 2021-06-11 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel... |
| CVE-2021-22901 | 2021-06-11 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can... |
| CVE-2021-22902 | 2021-06-11 | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type... |
| CVE-2021-22903 | 2021-06-11 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware... |
| CVE-2021-22904 | 2021-06-11 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive... |
| CVE-2021-22915 | 2021-06-11 | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker... |
| CVE-2021-22905 | 2021-06-11 | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local... |
| CVE-2021-22906 | 2021-06-11 | Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. |
| CVE-2021-20591 | 2021-06-11 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote... |
| CVE-2021-21833 | 2021-06-11 | An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can... |
| CVE-2021-21824 | 2021-06-11 | An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious... |
| CVE-2021-21808 | 2021-06-11 | A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2021-21795 | 2021-06-11 | A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads... |
| CVE-2021-32932 | 2021-06-11 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). |
| CVE-2021-32930 | 2021-06-11 | The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). |
| CVE-2021-27408 | 2021-06-11 | The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn... |
| CVE-2021-27410 | 2021-06-11 | The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service... |
| CVE-2019-9475 | 2021-06-11 | In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0466 | 2021-06-11 | In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no... |
| CVE-2021-0476 | 2021-06-11 | In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0481 | 2021-06-11 | In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0482 | 2021-06-11 | In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0484 | 2021-06-11 | In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution... |
| CVE-2021-0472 | 2021-06-11 | In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with... |
| CVE-2021-0473 | 2021-06-11 | In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User... |
| CVE-2021-0474 | 2021-06-11 | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... |
| CVE-2021-0475 | 2021-06-11 | In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed.... |
| CVE-2021-0477 | 2021-06-11 | In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-0480 | 2021-06-11 | In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2021-0485 | 2021-06-11 | In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional... |
| CVE-2021-0487 | 2021-06-11 | In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation... |
| CVE-2021-0492 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0489 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0490 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0491 | 2021-06-11 | In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0493 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0494 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0495 | 2021-06-11 | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0496 | 2021-06-11 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0497 | 2021-06-11 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0498 | 2021-06-11 | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2020-7860 | 2021-06-11 | UnEGG v0.5 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary... |
| CVE-2021-27200 | 2021-06-11 | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. |
| CVE-2021-3256 | 2021-06-11 | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. |
| CVE-2021-34679 | 2021-06-11 | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. |
| CVE-2021-21382 | 2021-06-11 | Unsafe loopback forwarding interface in Restund |
| CVE-2020-12980 | 2021-06-11 | An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12981 | 2021-06-11 | An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can... |
| CVE-2020-12982 | 2021-06-11 | An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12983 | 2021-06-11 | An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service. |
| CVE-2020-12985 | 2021-06-11 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12986 | 2021-06-11 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. |
| CVE-2020-12987 | 2021-06-11 | A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
| CVE-2020-12988 | 2021-06-11 | A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. |
| CVE-2021-32547 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32548 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32549 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32550 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32551 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32552 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32553 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32554 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32555 | 2021-06-12 | apport read_file() function could follow maliciously constructed symbolic links |
| CVE-2021-32556 | 2021-06-12 | apport get_modified_conffiles() function command injection |
| CVE-2021-32557 | 2021-06-12 | apport process_report() arbitrary file write |
| CVE-2021-31811 | 2021-06-12 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file |
| CVE-2021-31812 | 2021-06-12 | A carefully crafted PDF file can trigger an infinite loop while loading the file |
| CVE-2021-34682 | 2021-06-12 | Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. |
| CVE-2021-23394 | 2021-06-13 | Remote Code Execution (RCE) |
| CVE-2021-34693 | 2021-06-14 | net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. |
| CVE-2021-21439 | 2021-06-14 | Possible DoS attack using a specially crafted URL in email body |
| CVE-2021-24341 | 2021-06-14 | Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection |
| CVE-2021-24345 | 2021-06-14 | Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection |
| CVE-2021-24346 | 2021-06-14 | Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24347 | 2021-06-14 | SP Project & Document Manager <2 4.22 - Authenticated Shell Upload |
| CVE-2021-24348 | 2021-06-14 | Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection |
| CVE-2021-24349 | 2021-06-14 | Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24350 | 2021-06-14 | Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24351 | 2021-06-14 | The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24352 | 2021-06-14 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export |
| CVE-2021-24353 | 2021-06-14 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import |
| CVE-2021-24354 | 2021-06-14 | Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation |
| CVE-2021-24355 | 2021-06-14 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value |
| CVE-2021-24356 | 2021-06-14 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation |
| CVE-2021-24357 | 2021-06-14 | FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24358 | 2021-06-14 | The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect |
| CVE-2021-24359 | 2021-06-14 | The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending |
| CVE-2021-24360 | 2021-06-14 | Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection |
| CVE-2021-24382 | 2021-06-14 | Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-32682 | 2021-06-14 | Multiple vulnerabilities leading to RCE |
| CVE-2021-21554 | 2021-06-14 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent... |
| CVE-2021-21555 | 2021-06-14 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with... |
| CVE-2021-21556 | 2021-06-14 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with... |
| CVE-2021-21557 | 2021-06-14 | Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to... |
| CVE-2021-0324 | 2021-06-14 | Product: Android; Versions: Android SoC; Android ID: A-175402462 |
| CVE-2021-0467 | 2021-06-14 | In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical... |