CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2021-29158 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
102 CVE-2021-29147 Exec Code 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
103 CVE-2021-29146 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
104 CVE-2021-29142 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
105 CVE-2021-29141 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
106 CVE-2021-29140 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
107 CVE-2021-29139 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
108 CVE-2021-29138 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
109 CVE-2021-28399 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.
110 CVE-2021-28280 XSS CSRF 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML.
111 CVE-2021-28269 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Soyal Technology 701Client 9.0.1 is vulnerable to insecure permissions: the client.exe binary grants the Authenticated Users group Full permissions.
112 CVE-2021-28237 Overflow 2021-12-02 2021-12-02
0.0
None ??? ??? ??? ??? ??? ???
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
113 CVE-2021-28236 2021-12-02 2021-12-02
0.0
None ??? ??? ??? ??? ??? ???
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
114 CVE-2021-28125 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality would allow a malicious user to create a short URL for a dashboard that could convince a user to click the link.
115 CVE-2021-28055 CSRF 2021-04-15 2021-04-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
116 CVE-2021-27851 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A security vulnerability that can lead to local privilege escalation has been found in 'guix-daemon'. It affects multi-user setups in which 'guix-daemon' runs locally. The attack consists of having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
117 CVE-2021-27480 121 Exec Code Overflow 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.
118 CVE-2021-26909 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
119 CVE-2021-26908 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
120 CVE-2021-26797 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to obtain system administrator access through an open Telnet service.
121 CVE-2021-26777 Exec Code Overflow 2021-12-02 2021-12-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.
122 CVE-2021-25927 DoS Exec Code 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
123 CVE-2021-25898 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
124 CVE-2021-25839 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which makes password brute-forcing easier for an attacker.
125 CVE-2021-25812 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
126 CVE-2021-25811 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter in uhttpd.json is manually fixed.
127 CVE-2021-25810 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
128 CVE-2021-25165 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
129 CVE-2021-25164 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
130 CVE-2021-25154 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
131 CVE-2021-25153 Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
132 CVE-2021-25151 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
133 CVE-2021-25147 Bypass 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
134 CVE-2021-23758 Exec Code 2021-12-03 2021-12-03
0.0
None ??? ??? ??? ??? ??? ???
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
135 CVE-2021-23562 2021-12-03 2021-12-03
0.0
None ??? ??? ??? ??? ??? ???
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
136 CVE-2021-23364 DoS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
137 CVE-2021-22669 732 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
138 CVE-2021-22660 125 Exec Code 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
CNCSoft-B Versions 1.0.0.3 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
139 CVE-2021-22547 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could request an allocation large enough for the size computation to wrap around, yielding a smaller buffer than required and allowing the attacker access to other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.
140 CVE-2021-22514 Exec Code 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
141 CVE-2021-22393 DoS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of a module design weakness. Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service.
142 CVE-2021-22332 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
143 CVE-2021-22331 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
144 CVE-2021-22330 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
145 CVE-2021-22327 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include: HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
146 CVE-2021-21537 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.
147 CVE-2021-21536 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.
148 CVE-2021-21535 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.
149 CVE-2021-21534 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.
150 CVE-2021-21429 552 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
Total number of vulnerabilities: 687 (page 3 of 14)