CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2021-30048 22 Dir. Trav. 2021-04-29 2021-09-21
5.0
None Remote Low Not required Partial None None
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
202 CVE-2021-30046 755 DoS 2021-04-06 2021-04-19
4.3
None Remote Medium Not required None None Partial
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.
203 CVE-2021-30045 120 Overflow 2021-04-06 2021-04-12
6.4
None Remote Low Not required Partial None Partial
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.
204 CVE-2021-30044 79 XSS 2021-04-13 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
205 CVE-2021-30042 79 XSS 2021-04-13 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
206 CVE-2021-30039 79 XSS 2021-04-13 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
207 CVE-2021-30034 79 XSS 2021-04-13 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
208 CVE-2021-30030 79 XSS 2021-04-13 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
209 CVE-2021-30027 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
210 CVE-2021-30022 190 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.
211 CVE-2021-30020 787 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.
212 CVE-2021-30019 787 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
213 CVE-2021-30015 476 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
214 CVE-2021-30014 190 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
215 CVE-2021-30004 20 2021-04-02 2021-04-07
5.0
None Remote Low Not required None Partial None
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
216 CVE-2021-30003 79 XSS 2021-04-02 2021-04-07
3.5
None Remote Medium ??? None Partial None
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
217 CVE-2021-30002 772 2021-04-02 2021-06-23
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
218 CVE-2021-30000 89 Exec Code Sql 2021-04-02 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
219 CVE-2021-29999 787 Overflow 2021-04-13 2021-04-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
220 CVE-2021-29998 787 Overflow 2021-04-13 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
221 CVE-2021-29997 125 2021-04-13 2021-06-10
5.0
None Remote Low Not required None None Partial
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
222 CVE-2021-29996 79 Exec Code XSS 2021-04-05 2021-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
223 CVE-2021-29943 863 2021-04-13 2021-06-08
6.4
None Remote Low Not required Partial Partial None
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
224 CVE-2021-29942 787 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.
225 CVE-2021-29941 787 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small.
226 CVE-2021-29940 415 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.
227 CVE-2021-29939 787 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.
228 CVE-2021-29938 415 2021-04-01 2021-04-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.
229 CVE-2021-29937 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().
230 CVE-2021-29936 908 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
231 CVE-2021-29935 416 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.
232 CVE-2021-29934 125 2021-04-01 2021-04-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
233 CVE-2021-29933 415 2021-04-01 2021-04-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
234 CVE-2021-29932 400 DoS 2021-04-01 2021-04-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
235 CVE-2021-29931 415 2021-04-01 2021-04-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().
236 CVE-2021-29930 787 2021-04-01 2021-04-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().
237 CVE-2021-29929 415 2021-04-01 2021-04-01
5.0
None Remote Low Not required None None Partial
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.
238 CVE-2021-29694 326 2021-04-26 2021-04-26
5.0
None Remote Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.
239 CVE-2021-29672 787 Exec Code Overflow 2021-04-26 2021-04-27
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479
240 CVE-2021-29671 863 Bypass 2021-04-09 2021-04-14
1.9
None Local Medium Not required None Partial None
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
241 CVE-2021-29667 Exec Code 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
242 CVE-2021-29666 XSS 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.
243 CVE-2021-29661 79 XSS 2021-04-02 2021-04-08
3.5
None Remote Medium ??? None Partial None
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
244 CVE-2021-29660 352 CSRF 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
245 CVE-2021-29654 502 Exec Code 2021-04-14 2021-04-21
6.5
None Remote Low ??? Partial Partial Partial
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
246 CVE-2021-29653 295 2021-04-22 2021-04-29
4.3
None Remote Medium Not required None Partial None
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
247 CVE-2021-29652 601 2021-04-02 2021-04-06
5.8
None Remote Medium Not required Partial Partial None
Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process
248 CVE-2021-29651 601 2021-04-02 2021-04-06
5.8
None Remote Medium Not required Partial Partial None
Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).
249 CVE-2021-29641 434 Exec Code 2021-04-07 2021-04-13
6.5
None Remote Low ??? Partial Partial Partial
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).
250 CVE-2021-29627 415 2021-04-07 2021-04-23
7.2
None Local Low Not required Complete Complete Complete
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.
Total number of vulnerabilities : 1821   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.