CVE List - 2021 / October
Showing 1 - 100 of 1706 CVEs for October 2021 (Page 1 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41457 | 2021-10-01 | There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. |
| CVE-2021-41459 | 2021-10-01 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. |
| CVE-2021-33626 | 2021-10-01 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can... |
| CVE-2021-3626 | 2021-10-01 | Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts |
| CVE-2021-3709 | 2021-10-01 | Apport file permission bypass through emacs byte compilation errors |
| CVE-2021-3710 | 2021-10-01 | Apport info disclosure via path traversal bug in read_file |
| CVE-2021-3747 | 2021-10-01 | MacOS version of Multipass incorrect owner for application directory |
| CVE-2021-34352 | 2021-10-01 | Command Injection Vulnerability in QVR |
| CVE-2021-34354 | 2021-10-01 | Stored Cross-site Scripting Vulnerability in Photo Station |
| CVE-2021-34355 | 2021-10-01 | Stored XSS Vulnerability in Photo Station |
| CVE-2021-34356 | 2021-10-01 | Stored XSS Vulnerability in Photo Station |
| CVE-2021-38675 | 2021-10-01 | Stored XSS Vulnerability in Image2PDF |
| CVE-2021-23893 | 2021-10-01 | Privilege Escalation vulnerability in McAfee Drive Encryption (MDE) |
| CVE-2021-41110 | 2021-10-01 | CWL Viewer: deserialization of untrusted data can lead to complete takeover by an attacker |
| CVE-2021-35297 | 2021-10-01 | Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception... |
| CVE-2021-40960 | 2021-10-01 | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. |
| CVE-2021-41649 | 2021-10-01 | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. |
| CVE-2021-41648 | 2021-10-01 | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input. |
| CVE-2021-41647 | 2021-10-01 | An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and... |
| CVE-2021-3825 | 2021-10-01 | Missing Authorization Checks in LiderAhenk |
| CVE-2021-29108 | 2021-10-01 | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below. |
| CVE-2021-29109 | 2021-10-01 | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9. |
| CVE-2021-29110 | 2021-10-01 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. |
| CVE-2021-40921 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. |
| CVE-2021-40922 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. |
| CVE-2021-40923 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| CVE-2021-40924 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. |
| CVE-2021-40925 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. |
| CVE-2021-40926 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. |
| CVE-2021-40927 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. |
| CVE-2021-40928 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. |
| CVE-2021-40968 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. |
| CVE-2021-40969 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter. |
| CVE-2021-40970 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2021-40971 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. |
| CVE-2021-40972 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter. |
| CVE-2021-40973 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. |
| CVE-2021-40975 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. |
| CVE-2021-41461 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. |
| CVE-2021-41462 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. |
| CVE-2021-41463 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. |
| CVE-2021-41464 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. |
| CVE-2021-41465 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. |
| CVE-2021-41467 | 2021-10-01 | Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter. |
| CVE-2021-38097 | 2021-10-01 | Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the... |
| CVE-2021-38096 | 2021-10-01 | Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution... |
| CVE-2021-38099 | 2021-10-01 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code... |
| CVE-2021-38104 | 2021-10-01 | IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-38103 | 2021-10-01 | IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution... |
| CVE-2021-41845 | 2021-10-01 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. |
| CVE-2020-21012 | 2021-10-01 | Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit... |
| CVE-2020-21013 | 2021-10-01 | emlog v6.0.0 contains a SQL injection via /admin/comment.php. |
| CVE-2020-21014 | 2021-10-01 | emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. |
| CVE-2021-36298 | 2021-10-01 | Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote... |
| CVE-2021-36309 | 2021-10-01 | Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to... |
| CVE-2020-21228 | 2021-10-01 | JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. |
| CVE-2021-41847 | 2021-10-01 | An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST... |
| CVE-2021-38101 | 2021-10-01 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code... |
| CVE-2021-38098 | 2021-10-01 | Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the... |
| CVE-2021-38100 | 2021-10-01 | Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in... |
| CVE-2021-38106 | 2021-10-01 | UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-38102 | 2021-10-01 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-38110 | 2021-10-01 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution... |
| CVE-2021-38105 | 2021-10-01 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-38108 | 2021-10-01 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-38109 | 2021-10-01 | Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the... |
| CVE-2021-38107 | 2021-10-01 | CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory... |
| CVE-2021-41862 | 2021-10-01 | AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). |
| CVE-2021-41864 | 2021-10-01 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
| CVE-2021-32765 | 2021-10-04 | Integer Overflow to Buffer Overflow in Hiredis |
| CVE-2021-41103 | 2021-10-04 | Insufficiently restricted permissions on plugin directories |
| CVE-2021-41861 | 2021-10-04 | The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there... |
| CVE-2021-21704 | 2021-10-04 | Multiple vulnerabilities in Firebird client extension |
| CVE-2021-21705 | 2021-10-04 | Incorrect URL validation in FILTER_VALIDATE_URL |
| CVE-2021-21706 | 2021-10-04 | ZipArchive::extractTo may extract outside of destination dir |
| CVE-2021-40323 | 2021-10-04 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. |
| CVE-2021-40324 | 2021-10-04 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. |
| CVE-2021-40325 | 2021-10-04 | Cobbler before 3.3.0 allows authorization bypass for modification of settings. |
| CVE-2021-41285 | 2021-10-04 | Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to... |
| CVE-2021-41322 | 2021-10-04 | Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. |
| CVE-2021-41869 | 2021-10-04 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. |
| CVE-2021-22557 | 2021-10-04 | Code execution in SLO Generator via YAML Payload |
| CVE-2021-24465 | 2021-10-04 | Meow Gallery < 4.1.9 - Contributor+ SQL Injection |
| CVE-2021-24654 | 2021-10-04 | User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting |
| CVE-2021-24673 | 2021-10-04 | Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24676 | 2021-10-04 | Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting |
| CVE-2021-24678 | 2021-10-04 | CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24679 | 2021-10-04 | Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting |
| CVE-2021-24687 | 2021-10-04 | Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-41878 | 2021-10-04 | A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and... |
| CVE-2021-41511 | 2021-10-04 | The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. |
| CVE-2021-36051 | 2021-10-04 | XMP Toolkit SDK Buffer Overflow Could Lead To Arbitrary Code Execution |
| CVE-2021-37330 | 2021-10-04 | Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file... |
| CVE-2021-37331 | 2021-10-04 | Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and... |
| CVE-2021-37333 | 2021-10-04 | Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. |
| CVE-2021-37777 | 2021-10-04 | Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name... |
| CVE-2021-39486 | 2021-10-04 | A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's... |
| CVE-2021-41868 | 2021-10-04 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. |
| CVE-2021-38822 | 2021-10-04 | A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. |
| CVE-2021-38823 | 2021-10-04 | The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different... |