CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2021-30246 347 2021-04-07 2021-04-14
6.4
None Remote Low Not required Partial Partial None
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
152 CVE-2021-30245 610 Exec Code 2021-04-15 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.
153 CVE-2021-30224 352 CSRF 2021-04-29 2021-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
154 CVE-2021-30194 125 2021-05-25 2021-05-25
6.4
None Remote Low Not required Partial None Partial
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
155 CVE-2021-30184 120 Exec Code Overflow 2021-04-07 2021-05-04
6.8
None Remote Medium Not required Partial Partial Partial
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
156 CVE-2021-30180 444 2021-06-01 2021-06-10
6.8
None Remote Medium Not required Partial Partial Partial
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.
157 CVE-2021-30147 352 CSRF 2021-04-07 2021-04-12
6.8
None Remote Medium Not required Partial Partial Partial
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
158 CVE-2021-30145 134 Exec Code 2021-05-18 2021-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
159 CVE-2021-30126 2021-04-02 2021-04-09
6.4
None Remote Low Not required Partial Partial None
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.
160 CVE-2021-30123 120 Exec Code Overflow 2021-04-07 2021-06-04
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
161 CVE-2021-30108 918 2021-05-24 2021-05-28
6.4
None Remote Low Not required Partial Partial None
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
162 CVE-2021-30081 89 Sql 2021-05-24 2021-05-27
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
163 CVE-2021-30055 89 Sql 2021-04-05 2021-04-08
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
164 CVE-2021-30045 120 Overflow 2021-04-06 2021-04-12
6.4
None Remote Low Not required Partial None Partial
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.
165 CVE-2021-29996 79 Exec Code XSS 2021-04-05 2021-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
166 CVE-2021-29995 352 CSRF 2021-06-09 2021-06-17
6.8
None Remote Medium Not required Partial Partial Partial
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
167 CVE-2021-29943 863 2021-04-13 2021-06-08
6.4
None Remote Low Not required Partial Partial None
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
168 CVE-2021-29686 732 Bypass 2021-05-20 2021-05-24
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015
169 CVE-2021-29660 352 CSRF 2021-04-02 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
170 CVE-2021-29658 863 Exec Code 2021-03-31 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.
171 CVE-2021-29654 502 Exec Code 2021-04-14 2021-04-21
6.5
None Remote Low ??? Partial Partial Partial
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
172 CVE-2021-29641 434 Exec Code 2021-04-07 2021-04-13
6.5
None Remote Low ??? Partial Partial Partial
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).
173 CVE-2021-29508 502 2021-05-11 2021-05-25
6.4
None Remote Low Not required None Partial Partial
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any type on the deserializing end. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300?view=vs-2019. This also applies to the fork of Wire.
174 CVE-2021-29505 502 Exec Code 2021-05-28 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
175 CVE-2021-29493 94 2021-05-06 2021-05-14
6.5
None Remote Low ??? Partial Partial Partial
Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.
176 CVE-2021-29478 190 Exec Code Overflow 2021-05-04 2021-05-18
6.0
None Remote Medium ??? Partial Partial Partial
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
177 CVE-2021-29477 190 Exec Code Overflow 2021-05-04 2021-06-11
6.5
None Remote Low ??? Partial Partial Partial
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
178 CVE-2021-29472 94 Exec Code 2021-04-27 2021-05-26
6.5
None Remote Low ??? Partial Partial Partial
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.
179 CVE-2021-29468 20 Exec Code 2021-04-29 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.
180 CVE-2021-29464 787 Exec Code Overflow 2021-04-30 2021-05-10
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
181 CVE-2021-29457 122 Exec Code Overflow 2021-04-19 2021-06-02
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
182 CVE-2021-29451 347 2021-04-16 2021-04-22
6.4
None Remote Low Not required Partial Partial None
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
183 CVE-2021-29440 94 Exec Code +Priv 2021-04-13 2021-06-08
6.5
None Remote Low ??? Partial Partial Partial
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
184 CVE-2021-29439 863 Exec Code 2021-04-13 2021-04-19
6.5
None Remote Low ??? Partial Partial Partial
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation.
185 CVE-2021-29350 89 Sql 2021-04-29 2021-06-01
6.5
None Remote Low ??? Partial Partial Partial
SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
186 CVE-2021-29279 787 Overflow 2021-04-19 2021-04-21
6.8
None Remote Medium Not required Partial Partial Partial
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
187 CVE-2021-29261 Exec Code 2021-04-05 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
188 CVE-2021-29246 22 Exec Code Dir. Trav. 2021-05-05 2021-05-11
6.5
None Remote Low ??? Partial Partial Partial
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
189 CVE-2021-29240 2021-05-04 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
190 CVE-2021-29238 352 CSRF 2021-05-03 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
191 CVE-2021-29221 426 Exec Code 2021-04-09 2021-04-20
6.2
None Local High Not required Complete Complete Complete
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
192 CVE-2021-29100 22 Exec Code Dir. Trav. 2021-05-05 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system.
193 CVE-2021-29098 824 Exec Code 2021-03-25 2021-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
194 CVE-2021-29097 119 Exec Code Overflow 2021-03-25 2021-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
195 CVE-2021-29096 416 Exec Code 2021-03-25 2021-03-31
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
196 CVE-2021-29095 824 Exec Code 2021-03-25 2021-03-31
6.0
None Remote Medium ??? Partial Partial Partial
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
197 CVE-2021-29094 120 Exec Code Overflow 2021-03-25 2021-03-31
6.0
None Remote Medium ??? Partial Partial Partial
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
198 CVE-2021-29093 416 Exec Code 2021-03-25 2021-03-31
6.0
None Remote Medium ??? Partial Partial Partial
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
199 CVE-2021-29092 434 Exec Code 2021-06-01 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
200 CVE-2021-29068 120 Overflow 2021-03-23 2021-03-27
6.5
None Remote Low ??? Partial Partial Partial
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.