CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-34539 20 Exec Code 2021-06-10 2021-06-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.
2 CVE-2021-34363 22 Dir. Trav. 2021-06-10 2021-06-15
6.4
None Remote Low Not required None Partial Partial
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
3 CVE-2021-34280 824 Exec Code 2021-06-08 2021-06-15
6.8
None Remote Medium Not required Partial Partial Partial
Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file.
4 CVE-2021-34128 434 Exec Code 2021-06-15 2021-06-21
6.5
None Remote Low ??? Partial Partial Partial
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
5 CVE-2021-33898 502 Exec Code 2021-06-06 2021-06-15
6.8
None Remote Medium Not required Partial Partial Partial
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it.
6 CVE-2021-33894 89 Sql 2021-06-09 2021-06-22
6.5
None Remote Low ??? Partial Partial Partial
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.
7 CVE-2021-33879 494 2021-06-06 2021-06-15
6.8
None Remote Medium Not required Partial Partial Partial
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.
8 CVE-2021-33815 129 2021-06-03 2021-06-07
6.8
None Remote Medium Not required Partial Partial Partial
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
9 CVE-2021-33742 Exec Code 2021-06-08 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Windows MSHTML Platform Remote Code Execution Vulnerability
10 CVE-2021-33712 345 2021-06-08 2021-06-15
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges.
11 CVE-2021-33669 212 2021-06-09 2021-06-21
6.9
None Local Medium Not required Complete Complete Complete
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability.
12 CVE-2021-33622 754 2021-06-15 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
13 CVE-2021-33591 Exec Code 2021-05-28 2021-06-03
6.8
None Remote Medium Not required Partial Partial Partial
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
14 CVE-2021-33564 88 Exec Code 2021-05-29 2021-06-10
6.8
None Remote Medium Not required Partial Partial Partial
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
15 CVE-2021-33497 22 Dir. Trav. 2021-05-24 2021-05-27
6.4
None Remote Low Not required None Partial Partial
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.
16 CVE-2021-33477 755 Exec Code 2021-05-20 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
17 CVE-2021-33205 269 +Priv 2021-06-11 2021-06-21
6.5
None Remote Low ??? Partial Partial Partial
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
18 CVE-2021-33181 918 2021-06-01 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
19 CVE-2021-32952 787 Exec Code 2021-06-17 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
20 CVE-2021-32948 787 Exec Code 2021-06-17 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
21 CVE-2021-32946 754 Exec Code 2021-06-17 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
22 CVE-2021-32944 416 Exec Code Mem. Corr. 2021-06-17 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.
23 CVE-2021-32936 787 Exec Code 2021-06-17 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
24 CVE-2021-32925 200 +Info 2021-05-13 2021-05-21
6.4
None Remote Low Not required Partial None Partial
admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load external entities.
25 CVE-2021-32924 94 2021-06-01 2021-06-16
6.0
None Remote Medium ??? Partial Partial Partial
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
26 CVE-2021-32819 Exec Code 2021-05-14 2021-05-20
6.8
None Remote Medium Not required Partial Partial Partial
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.
27 CVE-2021-32674 22 Dir. Trav. 2021-06-08 2021-06-21
6.5
None Remote Low ??? Partial Partial Partial
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.21 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
28 CVE-2021-32654 639 2021-06-01 2021-06-14
6.4
None Remote Low Not required Partial Partial None
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.
29 CVE-2021-32647 74 Exec Code 2021-06-01 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/CreatePlaceAction.java#L36) REST endpoint accepts an `sppClassName` parameter which is used to load an arbitrary class. This class is later instantiated using a constructor with the following signature: `<constructor>(String, String, String)`. An attacker may find a gadget (class) in the application classpath that could be used to achieve Remote Code Execution (RCE) or disrupt the application. Even though the chances to find a gadget (class) that allow arbitrary code execution are low, an attacker can still find gadgets that could potentially crash the application or leak sensitive data. As a work around disable network access to Emissary from untrusted sources.
30 CVE-2021-32635 Exec Code 2021-05-28 2021-06-10
6.8
None Remote Medium Not required Partial Partial Partial
Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands (`run`/`shell`/`exec`) against `library://` URIs are affected. Other commands such as `pull` / `push` respect the configured remote endpoint. The vulnerability is patched in Singularity version 3.7.4. Two possible workarounds exist: Users can only interact with the default remote endpoint, or an installation can have an execution control list configured to restrict execution to containers signed with specific secure keys.
31 CVE-2021-32634 502 Exec Code 2021-05-21 2021-05-27
6.5
None Remote Low ??? Partial Partial Partial
Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources.
32 CVE-2021-32633 22 Dir. Trav. 2021-05-21 2021-05-27
6.5
None Remote Low ??? Partial Partial Partial
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
33 CVE-2021-32630 434 2021-05-20 2021-05-27
6.5
None Remote Low ??? Partial Partial Partial
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4.
34 CVE-2021-32625 120 Exec Code Overflow 2021-06-02 2021-06-14
6.5
None Remote Low ??? Partial Partial Partial
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix for CVE-2021-29477 which only addresses the problem on 64-bit systems but fails to do that for 32-bit. 64-bit systems are not affected. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
35 CVE-2021-32621 94 2021-05-28 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.
36 CVE-2021-32455 400 DoS 2021-05-17 2021-05-24
6.1
None Local Network Low Not required None None Complete
SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the deviceĀ“s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively.
37 CVE-2021-32403 352 CSRF 2021-05-17 2021-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
38 CVE-2021-32402 352 CSRF 2021-05-17 2021-05-25
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
39 CVE-2021-32243 434 2021-06-16 2021-06-23
6.5
None Remote Low ??? Partial Partial Partial
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).
40 CVE-2021-32104 89 Sql 2021-05-07 2021-05-11
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
41 CVE-2021-32102 89 Sql 2021-05-07 2021-05-11
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
42 CVE-2021-32101 732 Bypass 2021-05-07 2021-05-11
6.4
None Remote Low Not required Partial Partial None
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.
43 CVE-2021-32096 352 CSRF 2021-05-07 2021-05-19
6.8
None Remote Medium Not required Partial Partial Partial
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
44 CVE-2021-32094 434 2021-05-07 2021-05-12
6.5
None Remote Low ??? Partial Partial Partial
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
45 CVE-2021-32078 125 2021-06-17 2021-06-22
6.6
None Local Low Not required Complete None Complete
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
46 CVE-2021-32073 352 Exec Code CSRF 2021-05-15 2021-05-21
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
47 CVE-2021-32027 119 Overflow 2021-06-01 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
48 CVE-2021-31985 Exec Code 2021-06-08 2021-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Defender Remote Code Execution Vulnerability
49 CVE-2021-31983 Exec Code 2021-06-08 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.
50 CVE-2021-31971 Bypass 2021-06-08 2021-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Windows HTML Platform Security Feature Bypass Vulnerability
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.