
Security Vulnerabilities Published In April 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2021-28190 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
502 CVE-2021-28189 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
503 CVE-2021-28188 120 Overflow +Info 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
504 CVE-2021-28187 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
505 CVE-2021-28186 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
506 CVE-2021-28185 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
507 CVE-2021-28184 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
508 CVE-2021-28183 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
509 CVE-2021-28182 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
510 CVE-2021-28181 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
511 CVE-2021-28180 120 Overflow 2021-04-06 2021-04-12
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
512 CVE-2021-28179 120 Overflow 2021-04-06 2021-04-12
4.0
None Remote Low ??? None None Partial
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
513 CVE-2021-28178 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
514 CVE-2021-28177 120 Overflow 2021-04-06 2021-04-12
4.0
None Remote Low ??? None None Partial
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
515 CVE-2021-28176 120 Overflow 2021-04-06 2021-04-13
4.0
None Remote Low ??? None None Partial
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
516 CVE-2021-28175 120 Overflow 2021-04-06 2021-04-09
4.0
None Remote Low ??? None None Partial
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
517 CVE-2021-28174 287 +Priv 2021-04-08 2021-04-20
6.4
None Remote Low Not required Partial Partial None
Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain privileged permissions to access transaction records and conduct fraudulent trading without logging in.
518 CVE-2021-28173 434 2021-04-06 2021-04-09
7.5
None Remote Low Not required Partial Partial Partial
The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without logging in.
519 CVE-2021-28172 22 Dir. Trav. 2021-04-06 2021-04-09
5.0
None Remote Low Not required Partial None None
There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.
520 CVE-2021-28171 522 2021-04-06 2021-04-09
7.5
None Remote Low Not required Partial Partial Partial
The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.
521 CVE-2021-28168 732 2021-04-22 2021-06-17
2.1
None Local Low Not required Partial None None
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. This is due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. Thus the contents of this file are viewable by all other local users on the system. As such, if the contents written are security sensitive, they can be disclosed to other local users.
522 CVE-2021-28167 909 2021-04-21 2021-04-27
6.4
None Remote Low Not required Partial Partial None
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.
523 CVE-2021-28166 476 2021-04-07 2021-04-13
4.0
None Remote Low ??? None None Partial
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
524 CVE-2021-28165 400 2021-04-01 2021-10-20
7.8
None Remote Low Not required None None Complete
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
525 CVE-2021-28164 863 2021-04-01 2021-12-07
5.0
None Remote Low Not required Partial None None
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
526 CVE-2021-28163 59 2021-04-01 2021-12-09
4.0
None Remote Low ??? Partial None None
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
527 CVE-2021-28157 89 Exec Code Sql 2021-04-14 2021-04-21
6.5
None Remote Low ??? Partial Partial Partial
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
528 CVE-2021-28156 Bypass 2021-04-20 2021-04-23
5.0
None Remote Low Not required None Partial None
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
529 CVE-2021-28142 89 Sql 2021-04-06 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
530 CVE-2021-28125 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
531 CVE-2021-28124 287 2021-04-02 2021-04-07
4.3
None Remote Medium Not required Partial None None
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.
532 CVE-2021-28123 798 2021-04-02 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version.
533 CVE-2021-28113 78 Exec Code 2021-04-02 2021-07-07
8.7
None Remote Low ??? Complete Complete Partial
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
534 CVE-2021-28098 276 2021-04-14 2021-04-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.
535 CVE-2021-28079 79 XSS 2021-04-26 2021-04-30
4.3
None Remote Medium Not required None Partial None
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered.
536 CVE-2021-28075 +Info 2021-04-06 2021-04-12
5.0
None Remote Low Not required Partial None None
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.
537 CVE-2021-28060 918 2021-04-14 2021-04-19
5.0
None Remote Low Not required Partial None None
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
538 CVE-2021-28055 CSRF 2021-04-15 2021-04-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
539 CVE-2021-28048 346 2021-04-14 2021-04-21
4.3
None Remote Medium Not required Partial None None
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
540 CVE-2021-28047 79 XSS 2021-04-01 2021-04-06
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
541 CVE-2021-27990 287 2021-04-14 2021-04-21
5.0
None Remote Low Not required Partial None None
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
542 CVE-2021-27989 79 XSS 2021-04-14 2021-04-16
3.5
None Remote Medium ??? None Partial None
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
543 CVE-2021-27973 89 Sql 2021-04-02 2021-04-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
544 CVE-2021-27945 79 Exec Code XSS 2021-04-08 2021-04-14
4.3
None Remote Medium Not required None Partial None
The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.
545 CVE-2021-27933 79 XSS 2021-04-28 2021-05-01
4.3
None Remote Medium Not required None Partial None
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
546 CVE-2021-27905 918 2021-04-13 2021-09-16
7.5
None Remote Low Not required Partial Partial Partial
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
547 CVE-2021-27900 862 2021-04-06 2021-04-12
5.5
None Remote Low ??? None Partial Partial
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
548 CVE-2021-27899 295 2021-04-06 2021-04-12
5.8
None Remote Medium Not required Partial Partial None
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.
549 CVE-2021-27851 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
550 CVE-2021-27850 502 Exec Code Bypass 2021-04-15 2021-06-02
10.0
None Remote Low Not required Complete Complete Complete
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195.

Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`.

Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/`. The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial).

Solution for this vulnerability:
* For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later.
* For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
Total number of vulnerabilities: 1821 (this is page 11 of 37)