ID CVSS Summary Last (major) update Published
CVE-2021-3492 None
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacke
17-04-2021 - 05:15 17-04-2021 - 05:15
CVE-2021-3493 None
The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a pat
17-04-2021 - 05:15 17-04-2021 - 05:15
CVE-2020-36195 None
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulne
17-04-2021 - 04:15 17-04-2021 - 04:15
CVE-2020-2509 None
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following v
17-04-2021 - 04:15 17-04-2021 - 04:15
CVE-2021-29446 None
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verifi
16-04-2021 - 23:15 16-04-2021 - 22:15
CVE-2021-29452 None
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly
16-04-2021 - 22:15 16-04-2021 - 22:15
CVE-2021-29445 None
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verifi
16-04-2021 - 22:15 16-04-2021 - 22:15
CVE-2021-29444 None
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verific
16-04-2021 - 22:15 16-04-2021 - 22:15
CVE-2021-29451 None
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
16-04-2021 - 22:15 16-04-2021 - 22:15
CVE-2020-16599 4.3
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a
16-04-2021 - 22:15 09-12-2020 - 21:15
CVE-2020-16591 4.3
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.
16-04-2021 - 22:15 09-12-2020 - 21:15
CVE-2020-16593 4.3
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted fi
16-04-2021 - 22:15 09-12-2020 - 21:15
CVE-2020-16590 4.3
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
16-04-2021 - 22:15 09-12-2020 - 21:15
CVE-2019-6836 5.0
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch
16-04-2021 - 22:15 17-09-2019 - 20:15
CVE-2019-6838 5.5
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch
16-04-2021 - 22:15 17-09-2019 - 20:15
CVE-2021-28475 6.8
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477.
16-04-2021 - 21:22 13-04-2021 - 20:15
CVE-2021-28477 6.8
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475.
16-04-2021 - 21:22 13-04-2021 - 20:15
CVE-2021-28473 6.8
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477.
16-04-2021 - 21:21 13-04-2021 - 20:15
CVE-2020-36120 5.0
Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
16-04-2021 - 21:20 14-04-2021 - 14:15
CVE-2020-21087 4.3
Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.
16-04-2021 - 21:20 14-04-2021 - 14:15
CVE-2021-27394 None
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications
16-04-2021 - 21:15 16-04-2021 - 20:15
CVE-2021-28354 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 21:08 13-04-2021 - 20:15
CVE-2021-28355 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 21:08 13-04-2021 - 20:15
CVE-2021-28353 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 21:08 13-04-2021 - 20:15
CVE-2021-28435 2.1
Windows Event Tracing Information Disclosure Vulnerability
16-04-2021 - 21:07 13-04-2021 - 20:15
CVE-2021-24024 4.0
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
16-04-2021 - 20:57 12-04-2021 - 15:15
CVE-2021-24226 5.0
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage oc
16-04-2021 - 20:56 12-04-2021 - 14:15
CVE-2021-28352 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:53 13-04-2021 - 20:15
CVE-2021-28346 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:44 13-04-2021 - 20:15
CVE-2021-28357 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:37 13-04-2021 - 20:15
CVE-2021-28356 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:36 13-04-2021 - 20:15
CVE-2021-1407 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Ma
16-04-2021 - 20:35 08-04-2021 - 04:15
CVE-2021-28686 2.1
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.
16-04-2021 - 20:34 08-04-2021 - 11:15
CVE-2021-1409 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Ma
16-04-2021 - 20:32 08-04-2021 - 04:15
CVE-2021-1408 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Ma
16-04-2021 - 20:31 08-04-2021 - 04:15
CVE-2021-27600 3.5
SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not suffici
16-04-2021 - 20:28 13-04-2021 - 19:15
CVE-2021-28434 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:27 13-04-2021 - 20:15
CVE-2021-28358 6.5
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-2833
16-04-2021 - 20:26 13-04-2021 - 20:15
CVE-2021-28421 7.5
FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.
16-04-2021 - 20:25 13-04-2021 - 14:15
CVE-2021-31162 7.5
In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
16-04-2021 - 20:24 14-04-2021 - 07:15
CVE-2021-27092 7.5
Azure AD Web Sign-in Security Feature Bypass Vulnerability
16-04-2021 - 20:24 13-04-2021 - 20:15
CVE-2021-26415 4.6
Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440.
16-04-2021 - 20:23 13-04-2021 - 20:15
CVE-2021-27989 3.5
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
16-04-2021 - 20:22 14-04-2021 - 12:15
CVE-2021-30637 3.5
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
16-04-2021 - 20:20 13-04-2021 - 05:15
CVE-2020-9668 None
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
16-04-2021 - 20:10 16-04-2021 - 18:15
CVE-2021-26830 None
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
16-04-2021 - 20:10 16-04-2021 - 18:15
CVE-2021-29443 None
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if
16-04-2021 - 20:10 16-04-2021 - 18:15
CVE-2020-9667 None
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this
16-04-2021 - 20:10 16-04-2021 - 18:15
CVE-2020-9681 None
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitat
16-04-2021 - 20:10 16-04-2021 - 18:15
CVE-2021-31348 None
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
16-04-2021 - 20:10 16-04-2021 - 18:15