CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2020-36323 134 2021-04-14 2021-04-27
6.4
None Remote Low Not required Partial None Partial
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
1502 CVE-2020-36322 459 2021-04-14 2021-06-23
4.9
None Local Low Not required None None Complete
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
1503 CVE-2020-36321 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.
1504 CVE-2020-36320 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
1505 CVE-2020-36319 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController
1506 CVE-2020-36318 415 2021-04-11 2021-04-26
7.5
None Remote Low Not required Partial Partial Partial
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
1507 CVE-2020-36317 119 Overflow 2021-04-11 2021-04-22
5.0
None Remote Low Not required None None Partial
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
1508 CVE-2020-36316 120 Overflow 2021-04-07 2021-04-16
4.3
None Remote Medium Not required None None Partial
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
1509 CVE-2020-36315 20 2021-04-07 2021-04-16
5.0
None Remote Low Not required None Partial None
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
1510 CVE-2020-36314 22 Dir. Trav. 2021-04-07 2021-06-03
2.6
None Local High Not required None Partial Partial
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
1511 CVE-2020-36313 416 2021-04-07 2021-06-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.
1512 CVE-2020-36312 401 2021-04-07 2021-04-13
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
1513 CVE-2020-36311 DoS 2021-04-07 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
1514 CVE-2020-36310 835 2021-04-07 2021-04-13
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
1515 CVE-2020-36309 2021-04-06 2021-06-03
5.0
None Remote Low Not required None Partial None
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1516 CVE-2020-36308 74 2021-04-06 2021-06-01
5.0
None Remote Low Not required Partial None None
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
1517 CVE-2020-36307 79 XSS 2021-04-06 2021-06-01
4.3
None Remote Medium Not required None Partial None
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
1518 CVE-2020-36306 79 XSS 2021-04-06 2021-06-01
4.3
None Remote Medium Not required None Partial None
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
1519 CVE-2020-36288 79 XSS 2021-04-15 2021-04-21
4.3
None Remote Medium Not required None Partial None
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.
1520 CVE-2020-36287 863 2021-04-09 2021-04-14
5.0
None Remote Low Not required Partial None None
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
1521 CVE-2020-36286 2021-04-01 2021-04-06
5.0
None Remote Low Not required Partial None None
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
1522 CVE-2020-36285 347 2021-04-06 2021-04-09
5.0
None Remote Low Not required None Partial None
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
1523 CVE-2020-36284 347 2021-04-06 2021-04-09
5.0
None Remote Low Not required None Partial None
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
1524 CVE-2020-36238 863 2021-04-01 2021-04-06
5.0
None Remote Low Not required Partial None None
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
1525 CVE-2020-36195 89 Sql +Info 2021-04-17 2021-04-23
7.5
None Remote Low Not required Partial Partial Partial
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
1526 CVE-2020-36120 120 DoS Overflow 2021-04-14 2021-04-16
5.0
None Remote Low Not required None None Partial
Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
1527 CVE-2020-35982 476 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
1528 CVE-2020-35981 476 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
1529 CVE-2020-35980 416 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
1530 CVE-2020-35979 787 Overflow 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
1531 CVE-2020-35660 79 XSS 2021-04-14 2021-04-19
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
1532 CVE-2020-35542 XSS 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.
1533 CVE-2020-35430 89 Sql 2021-04-29 2021-04-30
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
1534 CVE-2020-35419 79 XSS 2021-04-14 2021-04-19
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
1535 CVE-2020-35418 79 XSS 2021-04-14 2021-04-19
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
1536 CVE-2020-35314 78 Exec Code 2021-04-20 2021-06-01
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
1537 CVE-2020-35313 918 Exec Code 2021-04-20 2021-04-23
7.5
None Remote Low Not required Partial Partial Partial
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
1538 CVE-2020-29639 125 2021-04-02 2021-04-08
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory.
1539 CVE-2020-29633 287 Bypass 2021-04-02 2021-04-08
6.5
None Remote Low ??? Partial Partial Partial
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy.
1540 CVE-2020-29625 Exec Code 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
1541 CVE-2020-29624 119 Exec Code Overflow Mem. Corr. 2021-04-02 2021-04-07
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.
1542 CVE-2020-29623 2021-04-02 2021-06-02
2.1
None Local Low Not required None Partial None
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
1543 CVE-2020-29621 862 Bypass 2021-04-02 2021-04-07
2.1
None Local Low Not required Partial None None
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.
1544 CVE-2020-29620 269 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.
1545 CVE-2020-29619 125 2021-04-02 2021-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.
1546 CVE-2020-29618 125 Exec Code 2021-04-02 2021-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.
1547 CVE-2020-29617 125 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.
1548 CVE-2020-29616 119 Exec Code Overflow Mem. Corr. 2021-04-02 2021-04-07
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
1549 CVE-2020-29615 125 DoS 2021-04-02 2021-04-07
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.
1550 CVE-2020-29614 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption.
Total number of vulnerabilities : 1821   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34 35 36 37
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.