CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2021

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
451 CVE-2021-28334 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
452 CVE-2021-28333 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
453 CVE-2021-28332 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
454 CVE-2021-28331 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
455 CVE-2021-28330 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
456 CVE-2021-28329 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
457 CVE-2021-28328 2021-04-13 2021-04-20
4.0
None Remote Low ??? Partial None None
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.
458 CVE-2021-28327 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.
459 CVE-2021-28326 DoS 2021-04-13 2021-06-04
3.6
None Local Low Not required None Partial Partial
Windows AppX Deployment Server Denial of Service Vulnerability
460 CVE-2021-28325 200 +Info 2021-04-13 2021-04-16
4.0
None Remote Low ??? Partial None None
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28324.
461 CVE-2021-28324 200 +Info 2021-04-13 2021-04-15
5.0
None Remote Low Not required Partial None None
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325.
462 CVE-2021-28323 200 +Info 2021-04-13 2021-04-22
4.0
None Remote Low ??? Partial None None
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
463 CVE-2021-28322 269 2021-04-13 2021-04-22
4.6
None Local Low Not required Partial Partial Partial
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.
464 CVE-2021-28321 269 2021-04-13 2021-04-22
4.6
None Local Low Not required Partial Partial Partial
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.
465 CVE-2021-28320 269 2021-04-13 2021-04-15
4.6
None Local Low Not required Partial Partial Partial
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
466 CVE-2021-28319 DoS 2021-04-13 2021-04-15
5.0
None Remote Low Not required None None Partial
Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439.
467 CVE-2021-28318 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
468 CVE-2021-28317 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Microsoft Windows Codecs Library Information Disclosure Vulnerability
469 CVE-2021-28316 Bypass 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
470 CVE-2021-28315 Exec Code 2021-04-13 2021-04-15
4.6
None Local Low Not required Partial Partial Partial
Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095.
471 CVE-2021-28314 269 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
Windows Hyper-V Elevation of Privilege Vulnerability
472 CVE-2021-28313 269 2021-04-13 2021-04-22
4.6
None Local Low Not required Partial Partial Partial
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.
473 CVE-2021-28312 DoS 2021-04-13 2021-04-16
4.3
None Remote Medium Not required None None Partial
Windows NTFS Denial of Service Vulnerability
474 CVE-2021-28311 DoS 2021-04-13 2021-04-16
4.3
None Remote Medium Not required None None Partial
Windows Application Compatibility Cache Denial of Service Vulnerability
475 CVE-2021-28310 269 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.
476 CVE-2021-28309 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.
477 CVE-2021-28300 476 Exec Code 2021-04-14 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
478 CVE-2021-28280 XSS CSRF 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML.
479 CVE-2021-28271 276 2021-04-27 2021-09-23
6.5
None Remote Low ??? Partial Partial Partial
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone' and 'Authenticated Users' group.
480 CVE-2021-28269 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
481 CVE-2021-28242 77 Sql +Info 2021-04-15 2021-06-04
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
482 CVE-2021-28209 22 Dir. Trav. 2021-04-06 2021-04-14
6.8
None Remote Low ??? Complete None None
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
483 CVE-2021-28208 22 Dir. Trav. 2021-04-06 2021-04-14
6.8
None Remote Low ??? Complete None None
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
484 CVE-2021-28207 22 Dir. Trav. 2021-04-06 2021-04-14
6.8
None Remote Low ??? Complete None None
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
485 CVE-2021-28206 22 Dir. Trav. 2021-04-06 2021-04-14
6.8
None Remote Low ??? Complete None None
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
486 CVE-2021-28205 22 Dir. Trav. 2021-04-06 2021-04-14
6.8
None Remote Low ??? Complete None None
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
487 CVE-2021-28204 78 Exec Code +Info 2021-04-06 2021-04-14
6.5
None Remote Low ??? Partial Partial Partial
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
488 CVE-2021-28203 78 Exec Code 2021-04-06 2021-04-14
6.5
None Remote Low ??? Partial Partial Partial
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
489 CVE-2021-28202 120 Overflow 2021-04-06 2021-04-14
4.0
None Remote Low ??? None None Partial
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
490 CVE-2021-28201 120 Overflow 2021-04-06 2021-04-14
4.0
None Remote Low ??? None None Partial
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
491 CVE-2021-28200 120 Overflow 2021-04-06 2021-04-14
4.0
None Remote Low ??? None None Partial
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
492 CVE-2021-28199 120 Overflow +Info 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
493 CVE-2021-28198 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
494 CVE-2021-28197 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
495 CVE-2021-28196 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
496 CVE-2021-28195 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
497 CVE-2021-28194 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
498 CVE-2021-28193 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
499 CVE-2021-28192 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
500 CVE-2021-28191 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Total number of vulnerabilities: 1821 (this is page 10 of 37)